Subject: Re: Using __progname for PAM service names in pam_start()
To: Jason Thorpe <thorpej@shagadelic.org>
From: David Brownlee <abs@NetBSD.org>
List: tech-userlevel
Date: 06/14/2007 14:03:10

On Wed, 13 Jun 2007, Jason Thorpe wrote:

>
> On Jun 13, 2007, at 10:01 AM, Christos Zoulas wrote:
>
>> In article <20070613135731.GE1779@britannica.bec.de>,
>> Joerg Sonnenberger  <joerg@britannica.bec.de> wrote:
>>> On Wed, Jun 13, 2007 at 07:19:28AM +0000, Emmanuel Dreyfus wrote:
>>>> Anyone sees an objection to the system-wide replacement of the pam_start
>>>> first argument (PAM service name) by __progname? I see only benefits 
>>>> here...
>>> 
>>> How does this interact with calling e.g. su with
>>> 	execlp("/usr/bin/su", "ftpd");
>>> 
>>> I think this creates a security issue.
>> 
>> Probably does...
>
> I agree.  I think it's safest for the app to hard-code the service name into 
> the call to avoid impersonation problems like this.  And we should fix sshd 
> to do so.

 	One variation might be to allow a different name if it starts with
 	the original name. eg, you can call ftpd 'ftpd-moose' or 'ftpd2',
 	but not 'myftpd'.

 	That is if the feature is deemed useful enough for the effort.

-- 
 		David/absolute       -- www.NetBSD.org: No hype required --
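
Added example, not part of the original message and not NetBSD or PAM code: a sketch in C of the prefix rule proposed above, next to the hard-coded fallback recommended earlier in the thread. The helper name pam_service_for() is hypothetical, the character whitelist is an extra assumption added here, and the argv[0] values are constructed samples.

```c
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical helper: pick the name to hand to pam_start().
 * `fixed` is the service name compiled into the program; `progname` comes
 * from argv[0] and is therefore chosen by whoever exec'd the program.
 * The caller-supplied name is accepted only if its basename begins with
 * `fixed` and the remainder is [A-Za-z0-9_-]; otherwise `fixed` is used.
 */
static const char *
pam_service_for(const char *fixed, const char *progname)
{
	const char *base, *p;
	size_t flen = strlen(fixed);

	if (progname == NULL)
		return fixed;
	base = strrchr(progname, '/');
	base = (base != NULL) ? base + 1 : progname;

	if (strncmp(base, fixed, flen) != 0)
		return fixed;		/* e.g. 'myftpd' for ftpd, 'ftpd' for su */
	for (p = base + flen; *p != '\0'; p++) {
		if (!((*p >= 'a' && *p <= 'z') || (*p >= 'A' && *p <= 'Z') ||
		    (*p >= '0' && *p <= '9') || *p == '-' || *p == '_'))
			return fixed;	/* assumption: keep the suffix to safe characters */
	}
	return base;
}

int
main(void)
{
	/* Constructed argv[0] samples; {"su","ftpd"} models execlp("/usr/bin/su", "ftpd"). */
	static const char *cases[][2] = {
		{ "su", "ftpd" }, { "su", "/usr/bin/su" }, { "ftpd", "ftpd-moose" },
		{ "ftpd", "ftpd2" }, { "ftpd", "myftpd" }, { "su", "sudo" },
	};
	size_t i;

	for (i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
		printf("compiled-in=%-5s argv[0]=%-12s -> service %s\n", cases[i][0],
		    cases[i][1], pam_service_for(cases[i][0], cases[i][1]));
	return 0;
}
```

The last sample shows the limit of the prefix rule: a program whose compiled-in name is "su" still accepts "sudo", so the rule only holds where no other configured service name begins with the compiled-in one.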