Bug#278394: PAM not run in single address space
I think this use of threads is relatively safe.
Basically as I understand it, threads are used to allow the event loop
to run while holding for pam conversation functions.
Likely ways such a design could break:
* Allowing the pam authentication thread to escape and somehow getting into the rest of the code
* Allowing two pam threads to exist
* failing to cleanup the pam thread
* Having some interaction where a PAM module or one of its
dependencies detects that it is running in a threaded application
and changes its behavior.
I think all of these are unlikely. I'd be happy to audit the code to
give a better risk description. I'll assume such an audit would be
welcome and start working on it.
In many ways I think using threads simplifies the code. Note for
example that #252676 could not have happened with threads enabled.
--Sam
Reply to: