[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian packages relying on TMPDIR

>>>>> "Shane" == Shane Wegner <shane@debian.org> writes:

    Shane> Hmm I'm not sure how this would work.  The problem isn't
    Shane> the init.d script calling su, the problem is the init.d
    Shane> script executes the daemon and the daemon drops privilege
    Shane> using the setuid() library call.  This, unless I'm totally
    Shane> off has nothing to do with PAM.

Yes, that is a problem.

I don't know anything about PAM, but was wondering if these daemons
could call the PAM functions to open and close a PAM session as
appropriate... I get the impression from talking to others that PAM[1]
can do this, and doesn't always have to used for authentication in
conventional servers like is done most of the time at the moment.

Note:

[1] there are people who say clients as well as daemons should support
PAM. Sorry, I can't remember all of the reasons now, but I think it
was so administrators can monitor and/or control outgoing connections
as well as incoming connections. I wasn't entirely convinced myself,
but have an open mind on the subject.
-- 
Brian May <bam@debian.org>
Reply to: