Bugtraq mailing list archives

Re: PAM applications running as root (Was Re: WebTrends Enterprise

From: alan () LXORGUK UKUU ORG UK (Alan Cox)
Date: Fri, 15 Oct 1999 17:51:15 +0100

It is NOT a requirement of the PAM framework that application be running as
root.  There are two cases though that make login type applications need to
run as root.

      1) The password is stored in /etc/shadow which only root can read
         If the password was in NIS/NIS+/LDAP then the authentication
         could succeed are an ordinary user.


This is not correct either. A good PAM implementation supports shadow
authentication (although not update) via setuid helpers

Alan

Current thread:

PAM applications running as root (Was Re: WebTrends Enterprise Reporting Server) Darren Moffat (Oct 14)
- Re: PAM applications running as root (Was Re: WebTrends Enterprise Alan Cox (Oct 15)
- OpenLink 3.2 Advisory Tymm Twillman (Oct 15)
- execve bug linux-2.2.12 ben () VALINUX COM (Oct 15)
  - Netscape 4.x buffer overflow Michael Breuer (Oct 15)
    - Netscape 4.x buffer overflow Max Vision (Oct 18)
  - Re: execve bug linux-2.2.12 Perly (Oct 15)
  - Re: execve bug linux-2.2.12 visi0n (Oct 15)
  - Re: execve bug linux-2.2.12 Alan Cox (Oct 16)
    - Re: execve bug linux-2.2.12 ben () VALINUX COM (Oct 16)
    - Re: execve bug linux-2.2.12 Matt Chapman (Oct 18)
    - Re: execve bug linux-2.2.12 Taneli Huuskonen (Oct 19)

(Thread continues...)