[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: PAM authentication patch - v2
|
From: |
Brian Murphy |
|
Subject: |
Re: PAM authentication patch - v2 |
|
Date: |
Fri, 18 Apr 2003 11:07:17 +0200 |
|
User-agent: |
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020623 Debian/1.0.0-0.woody.1 |
Max Bowsher wrote:
No, but is there any functional benefit from ignoring the warnings?
Yes. It gives the flexibility that making a soft link to the cvs binary
gives a new
pam configuration. SSH is also configured this way.
The warnings:
http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam_appl-4.html#ss4.
2
They are quite emphatic about it.
Since there are valid reasons to run cvs setuid or setgid, is this worth the
risk?
How many people actually use cvs this way? There is nothing
in the documentation saying how to use cvs suid and in fact recommends to
use pserver to do the things you might want to do via an suid binary.
If you do decide it is worth the risk, I'm sure cautious sysadmins would
appreciate a configure option to force hardcoding.
I will do this, I would also prefer to have this option.
/Brian
- Re: PAM authentication patch - v2, (continued)
- Re: PAM authentication patch - v2, Brian Murphy, 2003/04/20
- Re: PAM authentication patch - v2, Mark D. Baushke, 2003/04/20
- Re: PAM authentication patch - v2, Brian Murphy, 2003/04/27
- Re: PAM authentication patch - v2, Mark D. Baushke, 2003/04/28
- Re: PAM authentication patch - v2, Brian Murphy, 2003/04/28
- Re: PAM authentication patch - v2, Derek Robert Price, 2003/04/29
- Re: PAM authentication patch - v2, Max Bowsher, 2003/04/17
- Re: PAM authentication patch - v2, Mark D. Baushke, 2003/04/17
- Re: PAM authentication patch - v2, Larry Jones, 2003/04/16
- Re: PAM authentication patch - v2, Max Bowsher, 2003/04/17
- Re: PAM authentication patch - v2,
Brian Murphy <=
Re: PAM authentication patch - v2, Brian Murphy, 2003/04/15