Module Idea

["B.J. Black" <bj schmong org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all!

I haven't been able to find evidence of such a thing, so I thought I'd
ask here before (re)writing one...

I'm thinking it'd be handy to have a session module that would run an
arbitrary command (as root) at session start/end/whatever.  I don't see
one out there and think it'd be pretty easy to write it.

Maybe call it pam_exec or similar.  Other than the obvious security
concerns, is there any terribly compelling reason not to do so?  In most
cases, putting a setuid command in /etc/profile et al would work too but
probably not quite as cleanly...

- --bj

P.S. Oddly enough, I wrote such a thing a few years back when I last
tinkered with the innards of linux-pam, but couldn't release it because
of the company I was working at.  Now I'm not encumbered and it's a
fairly easy hack, so...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFG6tqABWZe+3ib/AERAq4kAJ9ygQQpB/zNuecrqqm1154PD0YUWwCcD/Ra
ijkduJMYOYGs4dLG5H/GK8s=
=egAg
-----END PGP SIGNATURE-----