Brian Cameron wrote:
> Some Linux people say that this approach is better because it follows
> "least privilege" principles, only providing authority to code that
> needs it rather than running the whole PAM stack as root.
>
> However, on Solaris we have more sophisticated "least privilege"
> technologies that allow us to easily run PAM modules as root and
> drop privileges that are not needed.
How can we do that when we have no idea what privileges PAM modules we've
never seen may need? For instance, if we dropped the fork/exec privilege
it would break PAM modules that did use helper programs for whatever reason.
Short of extending pam.conf to list required privileges for each module, and
then having the PAM library drop those not needed, I don't see any way we can
safely apply least privilege to PAM clients like xscreensaver.
--
-Alan Coopersmith- alan.coopersmith at sun.com
Sun Microsystems, Inc. - X Window System Engineering
