Bug#278394: PAM not run in single address space
On Fri, Oct 29, 2004 at 10:38:03AM -0400, Sam Hartman wrote:
> I just wanted to let you know that I have done an audit of the thread
> code in auth-pam.c.
>
> This is the simplest use of threads I've ever seen outside of a
> classroom exercise.
>
> The authentication thread is self contained and I don't see how it
> could manage to escape into other parts of the program. Similarly,
> the process managed is significantly simplified in the threads case
> compared to the non-threads case.
>
>
> Short of a libc bug or a misbehaving PAM module I would be surprised
> if this code introduces any problems.
OK, that's fairly conclusive; thanks. I've committed your patch, with
the additional change that I arranged for only sshd to be linked against
libpthread, since only sshd includes auth-pam.c; that seemed like a less
risky course.
I'll upload once Steve has reviewed the current version of openssh in
unstable and (I hope) moved it into testing.
Cheers,
--
Colin Watson [cjwatson@debian.org]
Reply to: