From owner-freebsd-security@FreeBSD.ORG Sat Jul 14 18:33:36 2007
Date: Sat, 14 Jul 2007 19:33:35 +0100 (BST)
From: Robert Watson <rwatson@FreeBSD.org>
To: Garrett Wollman
Cc: freebsd-security@freebsd.org
Subject: Re: OpenBSM questions
In-Reply-To: <18073.3478.284631.986914@hergotha.csail.mit.edu>
Message-ID: <20070714193149.N91807@fledge.watson.org>
References: <46985815.3060308@os2.kiev.ua> <20070714164146.Q80803@fledge.watson.org> <18073.3478.284631.986914@hergotha.csail.mit.edu>

On Sat, 14 Jul 2007, Garrett Wollman wrote:

> < said:
>
>> This is correct -- login services must be modified to properly set up user
>> audit state at login. I am not familiar with work relating to this with
>> xdm, kdm, gdm, etc, but it would be very good to see this happen.
>
> Surely this is something that belongs in a PAM module...? The whole point
> of the PAM framework is that you should *not* have to modify every program
> that does a login when new mechanisms are introduced or policy changes.

Setting login state is not the only thing that audit does. Audit requirements also exist to audit failures in the login process that may be entirely unrelated to authentication. That said, I'm not 100% sure that the audit state, leaving aside the auditing of login events, couldn't be done in a PAM module.

An interesting question is why the rest of the UNIX credential is also not set up using PAM -- see calls to setlogin(2), setusercontext(3), etc., in login.c and other things involved in login.

Robert N M Watson
Computer Laboratory
University of Cambridge