File: 41.html

package info (click to toggle)
lg-issue48 2-1
links: PTS
area: main
in suites: sarge
size: 2,284 kB
ctags: 139
sloc: xml: 324; makefile: 34; sh: 34
file content (235 lines) | stat: -rw-r--r-- 9,709 bytes
<!--startcut ======================================================= -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<html>
<head>
<META NAME="generator" CONTENT="lgazmail v1.3A.e">
<TITLE>The Answer Guy 48: PAM applications running as root (Was Re: WebTrends Enterprise Reporting Server)</TITLE>
</HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000"
	LINK="#3366FF" VLINK="#A000A0">
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<H4>"The Linux Gazette...<I>making Linux just a little more fun!</I>"</H4>
<P> <hr> <P>
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<center>
<H1><A NAME="answer">
	<img src="../../gx/dennis/qbubble.gif" alt="(?)" 
		border="0" align="middle">
	<font color="#B03060">The Answer Guy</font>
	<img src="../../gx/dennis/bbubble.gif" alt="(!)" 
		border="0" align="middle">
</A></H1> 
<BR>
<H4>By James T. Dennis,
	<a href="mailto:linux-questions-only@ssc.com">linux-questions-only@ssc.com</a><BR>
	LinuxCare,
	<A HREF="http://www.linuxcare.com/">http://www.linuxcare.com/</A> 
</H4>
</center>

<p><hr><p>
<!--  endcut ======================================================= -->
<!-- begin 41 -->
<H3 align="left"><img src="../../gx/dennis/qbubble.gif" 
	height="50" width="60" alt="(?) " border="0"
	>PAM applications running as root (Was Re: WebTrends Enterprise Reporting Server)</H3>


<p><strong>From Darren Moffat on Sun, 17 Oct 1999  
</strong></p>
<P><STRONG><FONT COLOR="#000066"><EM>
You can run the server as root or as some other user. In order to
use PAM (Pluggable Authentication Module) it has to run as root.
</EM></FONT></STRONG></P>
<P><STRONG>
A general comment about PAM rather than this specific problem.
</STRONG></P>
<P><STRONG>
It is NOT a requirement of the PAM framework that application be
running as root.  There are two cases though that make login type
applications need to run as root.
</STRONG></P>
<P><STRONG>
1) The password is stored in <TT>/etc/shadow</TT> which only root can read
</STRONG></P>
<P><STRONG>
If the password was in NIS/NIS+/LDAP then the authentication
could succeed are an ordinary user.
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Actually it should be possible for <TT>/etc/shadow</TT> to be
group readable and associated with a "shadow" or "auth"
group.  Then SGID programs could authenticate against it.
</BLOCKQUOTE>
<BLOCKQUOTE>
A different level of access could be required to
modify it (that would presumably be reserved for root,
since the ability to modify the <TT>/etc/shadow</TT> and <TT>/etc/passwd</TT>
files on those systems that are configured to honor local
files will consitute root access in any event).
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
2) the login application needs to make setuid/setgid calls this
</STRONG></P>
<P><STRONG>
usually happens in the application after PAM authentication has
been completed and is thus nothing to do with PAM.
</STRONG></P>
<P><STRONG>
If the OS has privileges/capabilities then the application would
assert PROC_SETID/CAP_SETID instead of being root to make the
setuid/setgid calls.
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Linux 2.2 has privs implemented in the kernel.  There is,
as yet, no filesystem system support for storing the
priv. bitfield metadata.  So, anyone wishing to "capify"
the Linux authentication system would have to do so through
wrappers.
</BLOCKQUOTE>
<BLOCKQUOTE>
I'm personally disappointed by the lack of progress in
this field.
</BLOCKQUOTE>
<BLOCKQUOTE>
It seems that we should have at least attained the ability
to emulate BSD securelevel (wrapper or patches to init(8))
and to limit certain well-defined daemons (like xntpd,
routed/gated, syslogd) to their specific priv sets (set
time, modify routing tables, bind to priv ports).
</BLOCKQUOTE>
<BLOCKQUOTE>
We should be able to use the immutable and append-only
filesystem attributes, the read-only mount option and the
<TT>chroot()</TT> system calls as rootsafe security features and we
should be able to audit many (traditionally root run
processes) daemons and SUID utilities in terms of their
"most damage from subversion."
</BLOCKQUOTE>
<BLOCKQUOTE>
Well, it looks like I have to do some coding on this myself.
(One look at my code should scare some others into doing it
right!)
</BLOCKQUOTE>
<BLOCKQUOTE>
BTW: Does Solaris implement POSIX.1e "capabilities"
(privs)?  How about HP-UP, AIX, et al?  Are those in the
mainstream OS APIs or are they only available in "Trusted"
(MLS/CMW) versions?
</BLOCKQUOTE>

<!-- sig -->

<!-- end 41 -->
<!--startcut ======================================================= -->
<P> <hr> <P>
<H5 align="center"><a href="http://www.linuxgazette.com/copying.html"
	>Copyright &copy;</a> 1999, James T. Dennis 
<BR>Published in <I>The Linux Gazette</I> Issue 48 December 1999</H5>
<H6 ALIGN="center">HTML transformation  by
	<A HREF="mailto:star@starshine.org">Heather Stern</a> of
	Starshine Technical Services,
	<A HREF="http://www.starshine.org/">http://www.starshine.org/</A> 
</H6>
<P> <hr> <P>
<!-- begin tagnav ::::::::::::::::::::::::::::::::::::::::::::::::::-->
<TABLE WIDTH="95%"><TR VALIGN="center" ALIGN="center">
<TD colspan="2" rowspan="2"><A 
	HREF="../lg_answer48.html"
	><IMG SRC="../../gx/dennis/answernew.gif"
              ALT="[ Answer Guy Current Index ]"></A>
<TD colspan="2" rowspan="2"><A 
	HREF="../../tag/kb.html"
	><IMG SRC="../../gx/dennis/answertoc.gif"
              ALT="[ Index of Past Answers ]"></A></td>
  <TD WIDTH="11%"><A HREF="../lg_answer48.html#greeting"><img
	src="../../gx/dennis/smily.gif" alt="greetings" border="0"></A></TD>
  <TD WIDTH="11%"><A HREF="1.html">1</A></TD>
  <TD WIDTH="11%"><A HREF="2.html">2</A></TD>
  <TD WIDTH="11%"><A HREF="3.html">3</A></TD>
  <TD WIDTH="11%"><A HREF="4.html">5</A></TD>
</TR><TR VALIGN="center" ALIGN="center">
  <TD WIDTH="11%"><A HREF="5.html">5</A></TD>
  <TD WIDTH="11%"><A HREF="6.html">6</A></TD>
  <TD WIDTH="11%"><A HREF="7.html">7</A></TD>
  <TD WIDTH="11%"><A HREF="8.html">8</A></TD>
  <TD WIDTH="11%"><A HREF="9.html">9</A></TD>
</TR><TR VALIGN="center" ALIGN="center">
  <TD WIDTH="10%"><A HREF="10.html">10</A></TD>
  <TD WIDTH="10%"><A HREF="11.html">11</A></TD>
  <TD WIDTH="10%"><A HREF="12.html">12</A></TD>
  <TD WIDTH="10%"><A HREF="13.html">13</A></TD>
  <TD WIDTH="11%"><A HREF="14.html">14</A></TD>
  <TD WIDTH="11%"><A HREF="15.html">15</A></TD>
  <TD WIDTH="11%"><A HREF="16.html">16</A></TD>
  <TD WIDTH="11%"><A HREF="17.html">17</A></TD>
  <TD WIDTH="11%"><A HREF="18.html">18</A></TD>
</TR><TR VALIGN="center" ALIGN="center">
  <TD WIDTH="10%"><A HREF="19.html">19</A></TD>
  <TD WIDTH="10%"><A HREF="20.html">20</A></TD>
  <TD WIDTH="10%"><A HREF="21.html">21</A></TD>
  <TD WIDTH="10%"><A HREF="22.html">22</A></TD>
  <TD WIDTH="11%"><A HREF="23.html">23</A></TD>
  <TD WIDTH="11%"><A HREF="24.html">24</A></TD>
  <TD WIDTH="11%"><A HREF="25.html">25</A></TD>
  <TD WIDTH="11%"><A HREF="26.html">26</A></TD>
  <TD WIDTH="11%"><A HREF="27.html">27</A></TD>
</TR><TR VALIGN="center" ALIGN="center">
  <TD WIDTH="10%"><A HREF="28.html">28</A></TD>
  <TD WIDTH="10%"><A HREF="29.html">29</A></TD>
  <TD WIDTH="10%"><A HREF="30.html">30</A></TD>
  <TD WIDTH="10%"><A HREF="31.html">31</A></TD>
  <TD WIDTH="11%"><A HREF="32.html">32</A></TD>
  <TD WIDTH="11%"><A HREF="33.html">33</A></TD>
  <TD WIDTH="11%"><A HREF="34.html">34</A></TD>
  <TD WIDTH="11%"><A HREF="35.html">35</A></TD>
  <TD WIDTH="11%"><A HREF="36.html">36</A></TD>
</TR><TR VALIGN="center" ALIGN="center">
  <TD WIDTH="10%"><A HREF="37.html">37</A></TD>
  <TD WIDTH="10%"><A HREF="38.html">38</A></TD>
  <TD WIDTH="10%"><A HREF="39.html">39</A></TD>
  <TD WIDTH="10%"><A HREF="40.html">40</A></TD>
  <TD WIDTH="11%"><A HREF="41.html">41</A></TD>
  <TD WIDTH="11%"><A HREF="42.html">42</A></TD>
  <TD WIDTH="11%"><A HREF="43.html">43</A></TD>
  <TD WIDTH="11%"><A HREF="44.html">44</A></TD>
  <TD WIDTH="11%"><A HREF="45.html">45</A></TD>
</TR><TR VALIGN="center" ALIGN="center">
  <TD WIDTH="10%"><A HREF="46.html">46</A></TD>
  <TD WIDTH="10%"><A HREF="47.html">47</A></TD>
  <TD WIDTH="10%"><A HREF="48.html">48</A></TD>
  <TD WIDTH="10%"><A HREF="49.html">49</A></TD>
  <TD WIDTH="11%"><A HREF="50.html">50</A></TD>
  <TD WIDTH="11%"><A HREF="51.html">51</A></TD>
  <TD WIDTH="11%"><A HREF="52.html">52</A></TD>
  <TD WIDTH="11%"><A HREF="53.html">53</A></TD>
  <TD WIDTH="11%"><A HREF="54.html">54</A></TD>
</TR><TR VALIGN="center" ALIGN="center">
  <TD colspan="3"><A HREF="55.html">55</A></TD>
  <TD colspan="3"><A HREF="56.html">56</A></TD>
  <TD colspan="3"><A HREF="57.html">57</A></TD>
</TR></TABLE>
</TR><TR VALIGN="center" ALIGN="center">
<!-- end tagnav ::::::::::::::::::::::::::::::::::::::::::::::::::::-->
<P> <hr> <P>
<!-- begin lgnav ::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<A HREF="../index.html"
	><IMG SRC="../../gx/indexnew.gif" ALT="[ Table Of Contents ]"></A>
<A HREF="../../index.html"
	><IMG SRC="../../gx/homenew.gif" ALT="[ Front Page ]"></A>
<A HREF="../lg_bytes48.html"
	><IMG SRC="../../gx/back2.gif" ALT="[ Previous Section ]"></A>
<A HREF="../../faq/index.html"
	><IMG SRC="../../gx/dennis/faq.gif"
              ALT="[ Linux Gazette FAQ ]"></A>
<A HREF="../lg_tips48.html"
	><IMG SRC="../../gx/fwd.gif" ALT="[ Next Section ]"></A>
<!-- end lgnav ::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
</BODY></HTML>
<!--endcut ========================================================= -->