On Wed, 2007-12-19 at 11:16 -0500, Nalin Dahyabhai wrote:
I recommend against using PAM as a place to be launching arbitrary
processes. The environment in which a module runs is just way too
underspecified to be dependable for doing that.
Environment, privilege level, signal handling, none of it's guaranteed
by the specification [1]. If you fork a process (from a module, which
is loaded by a shared library, with the calling application having no
idea of what to expect), you have to be _very_ careful about how you do
it, and how you handle its termination, and how all of that interacts
with what the calling appliction's already doing.
Exactly.
Even for the modules which are careful about this, we still run into
bugs. And many modules aren't careful.
True. Although it doesn't mean that
a module cannot be written safely
and carefully.
Sure, maybe we need something that'll serve the function of
launching
random stuff for you when you log in, but I don't think that PAM is it.
As I
said in the other mail PAM might be it if you really need a root
access but otherwise I agree.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb