Bugtraq mailing list archives

Re: Linux UID/GID 'Feature'


From: morgan () PARC POWER NET (Andrew G. Morgan)
Date: Sun, 11 May 1997 19:33:52 -0700


Jon Lewis wrote:
> This looks like Red Hat PAM breakage.  I verified it works (gives root) on
> my Red Hat 4.1 box, but it does not on any of my Slackware based boxes
> that are shadow upgraded.

As has been pointed out, it is actually a libc problem.  The pam_unix_....so
modules use libc, so these modules will exhibit this unfortunate behavior.
Admins should beware that if libc has a hand in the process of changing a
user's password the corresponding UID entry in /etc/passwd will be
explicitly reset to 0.

Fortunately, pam_pwdb (a plug-in replacement for pam_unix_..), which does
not use libc for any authentication related actions, does not suffer from
this problem.  So Linux-PAM based systems can be made resistant to this
"administrative problem" by putting pam_pwdb in all the places that their
pam configuration refers to pam_unix_...

PS.  I'd really like to hear from anyone that _can_ break Linux-PAM in any
way...  [Use the "source" (Luke ;^)]

Cheers

Andrew
--
               Linux-PAM, libpwdb, Orange-Linux and Linux-GSS
                  http://parc.power.net/morgan/index.html
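
An audit for the two conditions the message above describes (a passwd entry whose UID has become 0, and PAM configuration that still names a pam_unix_ module), as an added example that is not part of the original post or of Linux-PAM. The function names, the sample files and the module name `pam_unix_EXAMPLE.so` are constructed placeholders; on a real system the arguments would be /etc/passwd and /etc/pam.conf or /etc/pam.d.

```shell
#!/bin/sh
# Added example, not from the original post. All sample data is constructed.

# Print accounts other than "root" whose UID field in a passwd-format file is 0.
uid0_accounts() {
    # fields: name:passwd:uid:gid:gecos:home:shell
    awk -F: '$1 != "root" && $3 ~ /^0+$/ { print $1 }' "$1"
}

# Print active PAM config lines that still name a pam_unix_ module.
# Arguments may be files or directories.
pam_unix_refs() {
    find "$@" -type f -exec awk '
        { line = $0; sub(/#.*/, "", line) }   # drop comments before matching
        line ~ /pam_unix_/ { print FILENAME ":" FNR ": " $0 }
    ' {} +
}

# Build a constructed sample tree under directory $1.
make_sample() {
    mkdir -p "$1/pam.d"
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
alice:x:0:100:Alice:/home/alice:/bin/sh
bob:x:501:100:Bob:/home/bob:/bin/sh
EOF
    # pam_unix_EXAMPLE.so is a placeholder name, not a real module.
    cat > "$1/pam.d/login" <<'EOF'
# auth   required pam_unix_EXAMPLE.so   (already replaced)
auth     required pam_pwdb.so
password required pam_unix_EXAMPLE.so
EOF
}

# Demonstration run on the constructed sample.
tmp=$(mktemp -d) && make_sample "$tmp"
echo "Non-root accounts with UID 0:"
uid0_accounts "$tmp/passwd"
echo "PAM lines still naming a pam_unix_ module:"
pam_unix_refs "$tmp/pam.d"
rm -rf "$tmp"
```

Lines that mention pam_unix_ only inside a comment are not reported, so a service that has already been switched to pam_pwdb stays quiet.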
