A newbie question
Thorsten Kukuk
kukuk at suse.de
Wed Jul 25 09:54:34 UTC 2007
On Wed, Jul 25, Nicolas Tse wrote:
> Hi everyone,
>
> I wonder how the PAM module used in login can prevent
> the modification from the hostile user(someone may
> modify all the return values of the PAM module to
> PAM_SUCCESS to cheat the system).
Only root can modify PAM modules in /lib/security. If this
hostile user has write rights for /lib/security, you have
a real problem which has nothing to do with PAM.
If you has not, he cannot modify the return values of a
module.
Thorsten
--
Thorsten Kukuk, Project Manager/Release Manager SLES
SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg
GF: Markus Rex, HRB 16746 (AG Nuernberg)
More information about the Pam-list
mailing list