List: opensolaris-security-discuss
Subject: Re: [security-discuss] Comments in CR #6596519 ("RFE:
From: Roland Mainz <roland.mainz () nrubsig ! org>
Date: 2007-08-29 23:53:25
Message-ID: 46D606F5.3FAE66 () nrubsig ! org
Roland Mainz wrote:
[snip]
> > I think the best way forward here is to get a prototype up and running
> > and do a detailed security audit to make sure that admins writing shell
> > script pam modules can't trivially destroy security.
>
> How is the audit done?
I just did a quick look at
http://src.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/lib/pam_modules/allow/allow.c
... it may be possible to hack a prototype within a day (assuming I
restrict it to pass the arguments from |pam_sm_*()| into a compound
variable and implement only a "pam_putenv" builtin (and maybe a
"pam_getenv")) plus the usual two day compile time...
----
Bye,
Roland
--
__ . . __
(o.\ \/ /.o) roland.mainz@nrubsig.org
\__\/\/__/ MPEG specialist, C&&JAVA&&Sun&&Unix programmer
/O /==\ O\ TEL +49 641 7950090
(;O/ \/ \O;)
_______________________________________________
security-discuss mailing list
security-discuss@opensolaris.org