|
From: | Brian Murphy |
Subject: | Re: PAM authentication patch - v2 |
Date: | Tue, 15 Apr 2003 20:30:18 +0200 |
User-agent: | Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020623 Debian/1.0.0-0.woody.1 |
Larry Jones wrote:
Brian Murphy writes:If cvs should ever become a daemon and run suid then this could be a problem.Isn't that essentially what happens when you run pserver from inetd as root as shown in the manual?
Yes but you can't make another binary that runs as root with a different name simply by making a soft link to it. You would also need to be able to edit inetd.conf and give the program these permissions when run from inetd. This requires that you are root or at least that root has given you the capability to do this. If root has given you this capability then you can run a root shell and any PAM configuration won't help. With cvs, if you are a local user the cvs program can't do anything the local user can't do anyway. /Brian
[Prev in Thread] | Current Thread | [Next in Thread] |