On Wed, Feb 11, 2026 at 04:54:19AM +0100, Vincent Lefevre wrote: > On 2026-02-10 19:21:06 -0500, Thomas Dickey wrote: > > On Wed, Feb 11, 2026 at 01:13:05AM +0100, Vincent Lefevre wrote: > > > I don't know how this works, but I'm wondering why you mentioned > > > authentication. The only thing that should be used concerning the > > > user is the PID of the process. > > > > man pam: > > > > pam - Pluggable Authentication Modules Library > > > > ... > > > > DESCRIPTION > > PAM is a system of libraries that handle the authentication tasks of > > applications (services) on the system. The library provides a stable > > general interface (Application Programming Interface - API) that > > privilege granting programs (such as login(1) and su(1)) defer to to > > perform standard authentication tasks. > > > > I'd suppose PAM wants more than a process-id, > > and am asking how you suppose that could be accomplished. > > I would have thought that there may be contexts where authentication > is not needed (e.g. because the user has already authentified > themselves at a higher level). But I really don't know how PAM works.
Barring problems that you might read about on oss-security, there's no way that PAM is going to provide a way to bypass the permissions needed to update systemd's replacement for wtmp. -- Thomas E. Dickey <[email protected]> https://invisible-island.net
signature.asc
Description: PGP signature
