On Wednesday 18 May 2005 15:11, Chad Hanson wrote:
Currently what is the expected behavior of non-setuid root
applications
which utilize the PAM framework?
The current behavior is that it should fail looking up the audit status and
then not do anything else with audit. You won't get a record, and but you
should be allowed to continue.
We were doing some testing with newrole (non-setuid root) which uses
PAM for
authentication but fails to audit (unless you are root) authentication
records due to lack of audit capabilities. Newrole succeeds normally without
being setuid because password checking happens via a setuid helper.
I asked if we needed to support that app and it was determined that we don't
need to do anything until we start LSPP work.
Is there an idea of such a helper for the PAM audit framework?
No. Far too easy to abuse.
Or should newrole be a setuid root application?
Not unless its been carefully reviewed and everyone agrees that its the right
thing and safe.
-Steve