[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: Dropping privs by PAM modules.

From: Thorsten Kukuk <kukuk suse de>
To: Pluggable Authentication Modules <pam-list redhat com>
Subject: Re: Dropping privs by PAM modules.
Date: Mon, 11 Dec 2006 20:11:08 +0100

On Mon, Dec 11, s_n wrote:

> Hi,
> 
> I'm just wondering about dropping privilages by pam modules, does it 
> make sense to you anyway? How to consider such behaviour, improved 
> security or is it just security by obscurity? Anyway, imagine badly 
> coded module, which can be circumvented by an attacker and used to 
> launch his own code. Will dropping privs mitigate the possible loses 
> coused by such malicious code? What are you thinking about it?

How do you know that this privs are no longer needed by the other
stacked PAM modules or the application itself?

So no, it does not make any sense.

  Thorsten

-- 
Thorsten Kukuk         http://www.suse.de/~kukuk/      kukuk suse de
SUSE LINUX Products GmbH       Maxfeldstr. 5       D-90409 Nuernberg
--------------------------------------------------------------------    
Key fingerprint = 8C6B FD92 EE0F 42ED F91A  6A73 6D1A 7F05 2E59 24BB

References:
- Dropping privs by PAM modules.
  - From: s_n

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]