Nicolas: > On Thu, Mar 06, 2008 at 01:21:28PM -0600, Brian Cameron wrote: >> Although using least-privilege might not make sense with PAM modules, it >> does seem a good idea to try to take advantage of least privilege >> technologies when possible. >> >> Your suggestion to make it possible to configure the privileges for PAM >> modules seems like it wouldn't be a horrible idea. > > PAM assumes all privileges are required. I think that's an assumption > best left alone.
Oh, I agree. However, the Linux community obviously thinks differently here. They think that using least privilege in the PAM lock screen case is a good idea. I am not sure it is worth the time to argue the merits of one or the other approach with the Linux community. It's probably not constructive for either to call the other "broken", for example. After all, we are not going to invest the time to fix the Linux implementation if we don't like it, so why criticize. That said, since the lockscreen programs we want to use on Solaris includes ones that also need to work in Linux environments (such as gnome-screensaver as xscreensaver), we should understand our assumptions to the point where we can carry intelligent dialog with our Linux partners about why we do things differently, etc. People like the gnome-screensaver maintainer tends to ignore our requests for help when we can't explain why we do things the way we do. Part of the problem here is probably just that people in the JDS and Xserver team are trying to carry on the dialog with the gnome-screensaver people, rather than people who really know the ins and outs of the security models. So, I do appreciate you and others explaining why things work different on Solaris. At the very least, that helps me be more clear and accurate with future negotiations. Brian
