Re: ITP or RFP pam-redhat or request to merge pam-redhat in pam

To: Fumitoshi UKAI <ukai@debian.or.jp>
Cc: debian-devel@lists.debian.org, pam@packages.debian.org
Subject: Re: ITP or RFP pam-redhat or request to merge pam-redhat in pam
From: Sam Hartman <hartmans@debian.org>
Date: Mon, 04 Nov 2002 15:35:33 -0500
Message-id: <[🔎] tsl1y61gjje.fsf@konishi-polis.mit.edu>
In-reply-to: <[🔎] 87d6plmaif.wl@etrange.ukai.org> (Fumitoshi UKAI's message of "Tue, 05 Nov 2002 03:54:00 +0900")
References: <[🔎] 87d6plmaif.wl@etrange.ukai.org>

>>>>> "Fumitoshi" == Fumitoshi UKAI <ukai@debian.or.jp> writes:

    Fumitoshi> mischief files to attack the code w3mimgdisplay uses. I
    Fumitoshi> want to avoid to use setuid root as much as possible.

Please make sure that you do not introduce bigger security holes in
your attempt to avoid using setuid root than you solve by avoiding
setuid root.


    Fumitoshi> I can package pam-redhat as deb package, but it may be
    Fumitoshi> better to be included in pam or managed with pam
    Fumitoshi> packages.  What is the good way to put pam-redhat in
    Fumitoshi> debian?

I'd start by doing a security audit of the pam_console code.  Does it
work by changing the permissions of the console device or granting
extra groups to the user?

If all you want to package is just pam_console, you probably want to
call the package libpam-console, not pam-redhat even though it does
come from Redhat's PAM distribution.



Note that pam_console is not going to be particularly useful unless
you can convince applications like login to actually use it.

Reply to:

References:
- ITP or RFP pam-redhat or request to merge pam-redhat in pam
  - From: Fumitoshi UKAI <ukai@debian.or.jp>

Prev by Date: Re: ITP or RFP pam-redhat or request to merge pam-redhat in pam
Next by Date: Re: Legal Advice for Pennies a day!!
Previous by thread: Re: ITP or RFP pam-redhat or request to merge pam-redhat in pam
Next by thread: Re: ITP or RFP pam-redhat or request to merge pam-redhat in pam
Index(es):
- Date
- Thread