[12253] in bugtraq
Re: PAM applications running as root (Was Re: WebTrends Enterprise
daemon@ATHENA.MIT.EDU (Alan Cox)
Fri Oct 15 20:59:06 1999
Content-Type: text
Message-Id: <E11cAZY-0004s7-00@the-village.bc.nu>
Date: Fri, 15 Oct 1999 17:51:15 +0100
Reply-To: Alan Cox <alan@LXORGUK.UKUU.ORG.UK>
From: Alan Cox <alan@LXORGUK.UKUU.ORG.UK>
X-To: darren.moffat@sunuk.UK.Sun.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <199910142152.WAA08467@otis.UK.Sun.COM> from "Darren Moffat" at Oct 14, 99 02:52:59 pm

> It is NOT a requirement of the PAM framework that an application be running as
> root. There are two cases though that make login type applications need to
> run as root.
>
> 1) The password is stored in /etc/shadow which only root can read.
>    If the password was in NIS/NIS+/LDAP then the authentication
>    could succeed as an ordinary user.

This is not correct either. A good PAM implementation supports shadow
authentication (although not update) via setuid helpers.

Alan