maria-developers team mailing list archive
-
maria-developers team
-
Mailing list archive
-
Message #11361
Re: 84c9ec5: MDEV-15473 Isolate/sandbox PAM modules, so that they can't crash the server.
Hi, Alexey!
On Jun 30, Alexey Botchkov wrote:
> > not sure about calling it "safe". I think it's more of a side
> > effect, the main feature it that it works, while old pam plugin
> > simply doesn't :) unless mysqld is run as root.
> >
> > and not totally sure about calling it also pam. it means one won't
> > be able to load it and the old pam plugin at the same time. I
> > suspect it'll still ok and benefits overweight it.
>
> Well i'm open to any ideas here :)
> We can swap 'safe' with somethin else. 'box' for instance.
> Or we can instead rename the original version like 'fast' or 'old'.
> Finally we can build only one version of the plugin. The 'safe'
> whenever possible.
I'd rather rename the old version to (old) or (requires root) or
something.
> I also have a question about the testing.
> Now pam*.test-s rely on some mariadb_mtr setup for PAM. How can i see what
> is in the expected pam.d configuration file, and what pam modules are used?
See plugin/auth_pam/testing/pam_mariadb_mtr.c
Regards,
Sergei
Chief Architect MariaDB
and security@xxxxxxxxxxx
References