Subject: Re: BSD Authentication
To: Peter Seebach <seebs@plethora.net>
From: Noriyuki Soda <soda@sra.co.jp>
List: current-users
Date: 09/09/2003 00:55:17
seebs@plethora.net (Peter Seebach), wrote:
> the caller's address space; this means that, even apart from an intentional
> attack, that a bug in a PAM module can do things within an otherwise
> carefully-audited program.  Each new module introduces that risk all over

The same problem exists in BSD auth, too.
Because every BSD auth module runs with root privilege, each new
module introduces risks that a compromised module modifies other
process's state by ptrace(2).
--
soda