| Server IP : 103.119.228.120 / Your IP : 3.133.128.227 Web Server : Apache System : Linux v8.techscape8.com 3.10.0-1160.119.1.el7.tuxcare.els2.x86_64 #1 SMP Mon Jul 15 12:09:18 UTC 2024 x86_64 User : nobody ( 99) PHP Version : 5.6.40 Disable Function : shell_exec,symlink,system,exec,proc_get_status,proc_nice,proc_terminate,define_syslog_variables,syslog,openlog,closelog,escapeshellcmd,passthru,ocinum cols,ini_alter,leak,listen,chgrp,apache_note,apache_setenv,debugger_on,debugger_off,ftp_exec,dl,dll,myshellexec,proc_open,socket_bind,proc_close,escapeshellarg,parse_ini_filepopen,fpassthru,exec,passthru,escapeshellarg,escapeshellcmd,proc_close,proc_open,ini_alter,popen,show_source,proc_nice,proc_terminate,proc_get_status,proc_close,pfsockopen,leak,apache_child_terminate,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,dl,symlink,shell_exec,system,dl,passthru,escapeshellarg,escapeshellcmd,myshellexec,c99_buff_prepare,c99_sess_put,fpassthru,getdisfunc,fx29exec,fx29exec2,is_windows,disp_freespace,fx29sh_getupdate,fx29_buff_prepare,fx29_sess_put,fx29shexit,fx29fsearch,fx29ftpbrutecheck,fx29sh_tools,fx29sh_about,milw0rm,imagez,sh_name,myshellexec,checkproxyhost,dosyayicek,c99_buff_prepare,c99_sess_put,c99getsource,c99sh_getupdate,c99fsearch,c99shexit,view_perms,posix_getpwuid,posix_getgrgid,posix_kill,parse_perms,parsesort,view_perms_color,set_encoder_input,ls_setcheckboxall,ls_reverse_all,rsg_read,rsg_glob,selfURL,dispsecinfo,unix2DosTime,addFile,system,get_users,view_size,DirFiles,DirFilesWide,DirPrintHTMLHeaders,GetFilesTotal,GetTitles,GetTimeTotal,GetMatchesCount,GetFileMatchesCount,GetResultFiles,fs_copy_dir,fs_copy_obj,fs_move_dir,fs_move_obj,fs_rmdir,SearchText,getmicrotime MySQL : ON | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : ON Directory : /usr/share/doc/pam-devel-1.1.8/html/ |
Upload File : |
<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>Chapter 4. Security issues of Linux-PAM</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="Linux-PAM_ADG.html" title="The Linux-PAM Application Developers' Guide"><link rel="up" href="Linux-PAM_ADG.html" title="The Linux-PAM Application Developers' Guide"><link rel="prev" href="adg-interface-programming-notes.html" title="3.3. Programming notes"><link rel="next" href="adg-security-library-calls.html" title="4.1. Care about standard library calls"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 4.
Security issues of <span class="emphasis"><em>Linux-PAM</em></span>
</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="adg-interface-programming-notes.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="adg-security-library-calls.html">Next</a></td></tr></table><hr></div><div class="chapter"><div class="titlepage"><div><div><h1 class="title"><a name="adg-security"></a>Chapter 4.
Security issues of <span class="emphasis"><em>Linux-PAM</em></span>
</h1></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl class="toc"><dt><span class="section"><a href="adg-security-library-calls.html">4.1. Care about standard library calls</a></span></dt><dt><span class="section"><a href="adg-security-service-name.html">4.2. Choice of a service name</a></span></dt><dt><span class="section"><a href="adg-security-conv-function.html">4.3. The conversation function</a></span></dt><dt><span class="section"><a href="adg-security-user-identity.html">4.4. The identity of the user</a></span></dt><dt><span class="section"><a href="adg-security-resources.html">4.5. Sufficient resources</a></span></dt></dl></div><p>
PAM, from the perspective of an application, is a convenient API for
authenticating users. PAM modules generally have no increased
privilege over that possessed by the application that is making use of
it. For this reason, the application must take ultimate responsibility
for protecting the environment in which PAM operates.
</p><p>
A poorly (or maliciously) written application can defeat any
<span class="emphasis"><em>Linux-PAM</em></span> module's authentication
mechanisms by simply ignoring it's return values. It is the
applications task and responsibility to grant privileges and access
to services. The <span class="emphasis"><em>Linux-PAM</em></span> library
simply assumes the responsibility of <span class="emphasis"><em>authenticating</em></span>
the user; ascertaining that the user <span class="emphasis"><em>is</em></span> who they
say they are. Care should be taken to anticipate all of the documented
behavior of the <span class="emphasis"><em>Linux-PAM</em></span> library
functions. A failure to do this will most certainly lead to a future
security breach.
</p></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="adg-interface-programming-notes.html">Prev</a> </td><td width="20%" align="center"> </td><td width="40%" align="right"> <a accesskey="n" href="adg-security-library-calls.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">3.3. Programming notes </td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_ADG.html">Home</a></td><td width="40%" align="right" valign="top"> 4.1. Care about standard library calls</td></tr></table></div></body></html>