Dropping privs by PAM modules.

[s_n <jusnet vp pl>]

Hi,

I'm just wondering about dropping privilages by pam modules, does it 
make sense to you anyway? How to consider such behaviour, improved 
security or is it just security by obscurity? Anyway, imagine badly 
coded module, which can be circumvented by an attacker and used to 
launch his own code. Will dropping privs mitigate the possible loses 
coused by such malicious code? What are you thinking about it?

Sincerly,
Filip (s_n) Palian.


:wq!