|
From: | Brian Murphy |
Subject: | Re: PAM authentication patch - v2 |
Date: | Tue, 01 Jul 2003 17:18:40 +0200 |
User-agent: | Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030529 |
Steve McIntyre wrote:
Cool patch - I see you've spent a lot more effort on the docs than I
Thanks.
Not really (a security hole). That is as long as you don't suid/sgid your cvsdid in mine (most recent against 1.12.1 attached for reference). Just one point that worries me - you only hardcode the pam service name if specifically configured that way, otherwise you just use the program_name. This is very dangerous and is specifically warned against in the PAM documentation I've read. If a user can sym-link to your CVS binary and use another name (easily done), they then get the option of using whichever PAM config they want. That's a security hole waiting to happen!
binary. If you do then you need to force the service name to something. If you don't then the only way of exploiting the security hole is to be the root user and root can do anything anyway. The cvs documentation explicitly states the use of CVS in suid mode is unsupported and evil (perhaps I extrapolate a little ;-)). Hence no problem. /Brian
[Prev in Thread] | Current Thread | [Next in Thread] |