<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>4.2. Choice of a service name</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="Linux-PAM_ADG.html" title="The Linux-PAM Application Developers' Guide"><link rel="up" href="adg-security.html" title="Chapter 4. Security issues of Linux-PAM"><link rel="prev" href="adg-security-library-calls.html" title="4.1. Care about standard library calls"><link rel="next" href="adg-security-conv-function.html" title="4.3. The conversation function"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="adg-security-service-name"></a>4.2. Choice of a service name</h2></div></div></div>
<p> When picking the <span class="emphasis"><em>service-name</em></span> that corresponds to the first entry in the <span class="emphasis"><em>Linux-PAM</em></span> configuration file, the application programmer should <span class="emphasis"><em>avoid</em></span> the temptation of choosing something related to <code class="varname">argv[0]</code>. It is a trivial matter for any user to invoke any application on a system under a different name, and this should not be permitted to cause a security breach. </p>
<p> In general, this is always the right advice if the program is setuid, or otherwise more privileged than the user that invokes it. In some cases, ignoring this advice is convenient, but as an author of such an application, you should consider well the ways in which your program will be installed and used. (It's often the case that programs are not intended to be setuid, but end up being installed that way for convenience. If your program falls into this category, don't fall into the trap of making this mistake.) </p>
<p> To invoke some <span class="emphasis"><em>target</em></span> application by another name, the user may symbolically link the target application with the desired name. To be precise, all the user need do is run <span class="command"><strong>ln -s /target/application ./preferred_name</strong></span> and then run <span class="command"><strong>./preferred_name</strong></span>. </p>
<p> By studying the <span class="emphasis"><em>Linux-PAM</em></span> configuration file(s), an attacker can choose the <span class="command"><strong>preferred_name</strong></span> to be that of a service enjoying minimal protection; for example, a game which uses <span class="emphasis"><em>Linux-PAM</em></span> to restrict access to certain hours of the day. If the service-name were to be linked to the filename under which the service was invoked, it is clear that the user is effectively in the position of dictating which authentication scheme the service uses. Needless to say, this is not a secure situation. </p>
<p> The conclusion is that the application developer should carefully define the service-name of an application. The safest thing is to make it a single hard-wired name. </p>
</div>
</body></html>
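The service-name choice described in section 4.2, as an added example that is not part of the Linux-PAM guide: it puts the argv[0]-derived name beside a hard-wired one and shows which per-service policy file each would select. The name "myapp", the helper function names and the /etc/pam.d/ layout are assumptions of this example; in a real program the chosen string is the first argument to pam_start().

```c
#include <stdio.h>
#include <string.h>

/* Hard-wired service name. "myapp" is a placeholder chosen for this example. */
#define FIXED_SERVICE "myapp"

/* WEAK: the service name is the basename of argv[0], which the invoking
 * user controls (a symlink is enough, as the section above describes). */
const char *service_from_argv0(const char *argv0)
{
    const char *slash = strrchr(argv0, '/');
    return slash ? slash + 1 : argv0;
}

/* HARDENED: the name is a compile-time constant and never reads argv[0]. */
const char *service_fixed(void)
{
    return FIXED_SERVICE;
}

/* Build the policy path a service name selects, assuming the /etc/pam.d/
 * per-service layout. Returns 0 on success, -1 if the path would truncate. */
int policy_path(const char *service, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "/etc/pam.d/%s", service);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Returns 1 when the program was started under a name other than its fixed
 * service name: harmless with the hardened pattern, but worth logging. */
int invoked_under_alias(const char *argv0)
{
    return strcmp(service_from_argv0(argv0), FIXED_SERVICE) != 0;
}

int main(int argc, char **argv)
{
    char weak[256], fixed[256];
    const char *argv0 = (argc > 0 && argv[0]) ? argv[0] : "";

    if (policy_path(service_from_argv0(argv0), weak, sizeof weak) != 0 ||
        policy_path(service_fixed(), fixed, sizeof fixed) != 0)
        return 1;
    printf("argv[0]-derived policy: %s\n", weak);   /* follows the caller */
    printf("hard-wired policy:      %s\n", fixed);  /* always the same */
    if (invoked_under_alias(argv0))
        fprintf(stderr, "note: invoked as '%s'\n", argv0);
    return 0;
}
```

Running the compiled binary through a symlink changes only the first printed path; the second stays fixed regardless of the invocation name.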