I think the placement of the pam_keyinit.so in the pam files is incorrect?

Simo Sorce ssorce at redhat.com
Thu Dec 6 20:19:18 UTC 2007


On Thu, 2007-12-06 at 20:02 +0000, David Howells wrote:
> Simo Sorce <ssorce at redhat.com> wrote:
> 
> > > Now the next question is whether it should be called in su or sudo?
> > > Since wouldn't this remove access to my keying material?
> > 
> > Do you want sudo to really give you power over keying material?
> > Usually sudo is used to run programs just with a higher privilege on the
> > local machine, and never to obtain key material.
> 
> I think the question, really, is whether the sudo'd program should be able to
> use your keys or not, for instance to access a file you've given it as an
> argument.

Are you thinking a setuid program here ?
Or actually really a program run through sudo ?

Simo.

-- 
| Simo S Sorce |
| Sr.Soft.Eng. |
| Red Hat, Inc |
| New York, NY |




More information about the devel mailing list