List:       opensolaris-security-discuss
Subject:    Re: [security-discuss] Comments in CR #6596519 ("RFE:
From:       Roland Mainz <roland.mainz () nrubsig ! org>
Date:       2007-08-29 23:53:25
Message-ID: 46D606F5.3FAE66 () nrubsig ! org

Roland Mainz wrote:
[snip]
> > I think the best way forward here is to get a prototype up and running
> > and do a detailed security audit to make sure that admins writing shell
> > script pam modules can't trivially destroy security.
> 
> How is the audit done ?

I just did a quick look at
http://src.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/lib/pam_modules/allow/allow.c
... it may be possible to hack a prototype within a day (assuming I
restrict it to pass the arguments from |pam_sm_*()| into a compound
variable and implement only a "pam_putenv" builtin (and maybe a
"pam_getenv")) plus the usual two day compile time...

----

Bye,
Roland

-- 
  __ .  . __
 (o.\ \/ /.o) roland.mainz@nrubsig.org
  \__\/\/__/  MPEG specialist, C&&JAVA&&Sun&&Unix programmer
  /O /==\ O\  TEL +49 641 7950090
 (;O/ \/ \O;)
_______________________________________________
security-discuss mailing list
security-discuss@opensolaris.org