Default sudo setup (Was: Re: The Future of Fedora.)

Shahms E. King shahms at shahms.com
Wed Dec 10 22:38:10 UTC 2003


> Well, is it in bugzilla?  :-)
> 
> Hmm, when I did it, pam read the xauth contents and piped them through
> to xauth in the next context so no filesystem confusion existed.  I
> haven't touched it for something like 3 years, though, so things may
> have changed.

I can add it to bugzilla, but I don't think it's actually a pam_xauth
bug.  pam_xauth is running under the assumption that the context that
it's forwarding the cookies to is going to be the actual execution
context; in the case of userhelper, that's just not true.  In fact, I'm
pretty sure pam_xauth is behaving correctly and that userhelper is
"behaving badly" by authenticating and setting up a session (mostly the
last part) as one user and then executing as another.  In the '<user>'
case, is it possible to authenticate against the user and then open the
session for root?  Admittedly, even that is having userhelper handle
things that probably should be done by another PAM module, but at least
it would get the correct behavior in this case.

-- 
--Shahms