>>>>> On Mon, 08 Sep 2003 12:34:08 -0500,
	seebs@plethora.net (Peter Seebach) said:

>> The same problem exists in BSD auth, too.

> Not necessarily.

Yeah, as I agreed with itojun.

>> Because every BSD auth module runs with root privilege, each new
>> module introduces risks that a compromised module modifies other
>> process's state by ptrace(2).

> BSD auth modules run with whatever privileges you choose to give
> them.  If you wanted to make one which ran under a non-root user ID,
> and make it use files readable and writable only by that user ID,
> that would work too.

Yeah. But default installation requires 6 more setuid root programs
with BSD auth. So, your objection sounds not practical, but just
theoretical for me.
--
soda