Subject: Re: BSD Authentication
To: Noriyuki Soda <soda@sra.co.jp>
From: David Laight <david@l8s.co.uk>
List: current-users
Date: 09/08/2003 20:11:50
> > That is different from PAM, where every application must be able to deal
> > with the set-bits just in case.
> 
> This is not true, either.
> Do /usr/libexec/ftpd, /usr/libexec/rshd, /usr/libexec/rlogind and
> /usr/libexec/telnetd have the setuid bit? No.
> Most of the programs which need to call PAM don't have to be setuid root,
> because they *already* have root privilege.

This is bogus, inetd wouldn't have to be root if these programs didn't
need root privileges.

A random thought on how to do secure authentication without requiring any
applications to either run as root or be suid root.

1) add a flag to fork to mark that the child process is doing authentication.
2) make the parent block until that child exits
3) allow that specific child to set the uid/gid (etc) of its parent
   provided it could give itself the same ids.

The authentication programs would then be suid binaries in their own right,
but would only be able to do anything when run in the correct way.

	David

-- 
David Laight: david@l8s.co.uk
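
The three steps proposed in the message above, modelled in user space as an added example (not part of the original post and not an existing kernel interface). Every name here (`struct proc`, `auth_fork`, `set_parent_uid` and the rest) is hypothetical, and "could give itself the same ids" is assumed to mean the POSIX `setuid()` rule.

```c
#include <stdbool.h>
#include <stddef.h>
#include <sys/types.h>

/* Hypothetical model of the proposal; no real kernel offers this interface. */
struct proc {
    uid_t ruid, euid, svuid;  /* real, effective and saved uid */
    struct proc *parent;
    bool auth_child;          /* step 1: set by the flagged fork */
    bool blocked;             /* step 2: parent waits for the auth child */
};

/* Steps 1 and 2: fork with the authentication flag and block the parent. */
void auth_fork(struct proc *parent, struct proc *child)
{
    *child = *parent;         /* child inherits the parent's credentials */
    child->parent = parent;
    child->auth_child = true;
    child->blocked = false;
    parent->blocked = true;
}

/* exec of a suid helper: effective and saved uid become the file owner. */
void exec_suid(struct proc *p, uid_t owner)
{
    p->euid = p->svuid = owner;
}

/* Assumed rule: root may pick any uid, others only their real or saved uid. */
bool could_setuid(const struct proc *p, uid_t uid)
{
    return p->euid == 0 || uid == p->ruid || uid == p->svuid;
}

/* Step 3: only the flagged child of a blocked parent may change the parent,
 * and only to a uid it could have given itself. */
bool set_parent_uid(struct proc *child, uid_t uid)
{
    struct proc *pp = child->parent;
    if (pp == NULL || !child->auth_child || !pp->blocked)
        return false;
    if (!could_setuid(child, uid))
        return false;
    pp->ruid = pp->euid = pp->svuid = uid;
    return true;
}

/* Child exit: the parent resumes and the child loses its special status. */
void auth_exit(struct proc *child)
{
    child->parent->blocked = false;
    child->auth_child = false;
}
```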