[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Patch 1: Abort on Load Error



Andrew Morgan writes:
>I'm going through the patches Michael sent, and the following one
>looks wrong. The manuals from Sun state that if a module is not found
>or there is a problem loading it, then the corresponding entry in
>pam.conf is ignored.

Ouch!  So if you loose your modules in a disk crash, but otherwise
your machine is OK, then you have *no* security whatsoever.  All
operations are permitted.

Sounds about as secure as NFS...

>Please feel free to elaborate on the trouble that led to the need for
>this patch. If there is a real problem I think there must be a better
>way to solve it.

We tried "accidentally" deleting required modules and suddenly no
authentication was performed and all operations were allowed.  That's
not acceptable IMHO.

What's your better way to solve this problem?

michaelkjohnson

"Ever wonder why the SAME PEOPLE make up ALL the conspiracy theories?"




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []