Re: Debian packages relying on TMPDIR
>>>>> "Shane" == Shane Wegner <shane@debian.org> writes:
Shane> Hmm I'm not sure how this would work. The problem isn't
Shane> the init.d script calling su, the problem is the init.d
Shane> script executes the daemon and the daemon drops privilege
Shane> using the setuid() library call. This, unless I'm totally
Shane> off has nothing to do with PAM.
Yes, that is a problem.
I don't know anything about PAM, but was wondering if these daemons
could call the PAM functions to open and close a PAM session as
appropriate... I get the impression from talking to others that PAM[1]
can do this, and doesn't always have to used for authentication in
conventional servers like is done most of the time at the moment.
Note:
[1] there are people who say clients as well as daemons should support
PAM. Sorry, I can't remember all of the reasons now, but I think it
was so administrators can monitor and/or control outgoing connections
as well as incoming connections. I wasn't entirely convinced myself,
but have an open mind on the subject.
--
Brian May <bam@debian.org>
Reply to: