[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: pam_access: repatch

From: Julien Lecomte <julien lecomte at>
To: Pluggable Authentication Modules <pam-list redhat com>
Subject: Re: pam_access: repatch
Date: Sat, 29 Sep 2007 02:22:03 +0200

On 27/09/2007 07:01, Thorsten Kukuk wrote:

On Thu, Sep 27, Julien Lecomte wrote:
I remember that the "getpwuid" part didn't please you; and you actuallyremoved it from the patch applied.
Yes, because it is wrong and will not do what you expect.
getuid() returns the real user ID of the current process, not the one
of the old or new user account. So getpwuid(getuid()) returns the
passwd entry of the current process owner, which does not need to have
anything to do with the old or new user.


I've got your point testing pam_access with sshd and su.

From what I understand, we could add an extra parameter to pam_accessto allow to use getuid() in the case of 'su'.


Julien

References:
- pam_access: repatch
  - From: Julien Lecomte
- Re: pam_access: repatch
  - From: Thorsten Kukuk

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]