Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Red Hat's default permissions for PAM security directive files in /etc/pam.d are set to root: all, group: read, world: read. In the interest of security I'd really prefer that the files aren't even readable, so when I start tinkering with required directives unauthorized users won't even be able to check my changes.
How restrictive can I make the permissions on these files and still have PAM able to use them? Does PAM run as a system-level process and/or root level at all times so it can read files only authorized for root-level access of any sort?
I tried it on my SuSE system, removed the permissions except for root, and it worked.
But you should test it with root logged in, to change it back if it doesn't work for you.
I've made the changes myself; I'll be using the system daily and extensively from here on out, and I'll post any problems if/as they arise. However, if this DOES work, I don't see why it shouldn't be the default option for these config files. Letting unauthorized people look at what security is being implemented for various commands just seems like another opportunity for exploitation.
What the RFC says:
"Security of the configuration file:
Since the policy file dictates how the user is authenticated,
this file should be protected from unauthorized modifications."
That's all.
Maybe you're right. But only if you can read the configs, you can't know how to compromise the system, I think.
PAM doesn't let the application know which module has failed during authentication, so you can't see where the vulnerability is. Also, PAM doesn't ask for the password a second time if it fails.
That's only my thought, but you could be right and nobody should be able to read the config except root.
That's the idea; PAM is good about hiding which modules and metrics you are using for authentication, but if its config files are world-readable (as they are in a default Fedora Core 4 installation) then the obscurity of which PAM modules are being used is...not very obscured.
Merits or faults of obscurity aside, this could be one more added layer of protection when using PAM.
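
One way to make the change discussed in this thread while keeping the "be able to change it back" advice, as an added example that is not from any of the posters: it audits a directory of PAM service files for group/world permission bits, records the original modes, tightens them to 0600, and can restore them. The function names and state-file format are this example's own, and it assumes GNU `find` and `stat`.

```shell
#!/bin/sh
# Added example: audit, tighten and roll back modes on PAM service files.
# Function names and the "mode path" state-file format are assumptions
# of this example, not part of PAM or any distribution tooling.

# List regular files in DIR that grant any group or world permission bit.
pam_audit() {
    find "$1" -maxdepth 1 -type f -perm /077 | sort
}

# Record "mode path" for every file in DIR to STATE, then set each to 0600.
pam_restrict() {
    dir=$1 state=$2
    : > "$state" || return 1
    chmod 600 "$state"
    find "$dir" -maxdepth 1 -type f | sort | while IFS= read -r f; do
        printf '%s %s\n' "$(stat -c '%a' "$f")" "$f" >> "$state"
        chmod 600 "$f"
    done
}

# Put back the modes recorded in STATE (rollback if a service breaks).
pam_restore() {
    while read -r mode f; do
        chmod "$mode" "$f"
    done < "$1"
}

# Demo on a constructed directory, not the real /etc/pam.d.
pam_demo() {
    d=$(mktemp -d) || return 1
    for s in login sshd su; do
        echo "auth required pam_unix.so" > "$d/$s"   # constructed sample line
        chmod 644 "$d/$s"
    done
    pam_audit "$d" | wc -l          # files readable by group/world before
    pam_restrict "$d" "$d.state"
    pam_audit "$d" | wc -l          # and after tightening
    pam_restore "$d.state"
    rm -rf "$d" "$d.state"
}
```

PAM is a library that runs with the privileges of the calling program, so a service used by an unprivileged program (a screen locker, for example) can no longer read its file once the mode is 0600. Keep a root shell open while testing and use the recorded modes to roll back any file that needs it.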