Four security (and related) questions
In etc/imapd.conf I see lines like this:
Quote:
Quote:
Quote:
Q2: I know what $ISA is all about - what a hack! - but ISA is not an environmental variable, so where does it come from? Q3: For those people (like me) who do not have source header files, is there a standard, universal argument to get daemons to dump their default settings? And, if not, wouldn't it be a good idea to add such a standard, universal argument? Q4: In PAM, what is processed first: auth, account, password, or session? (Note: wouldn't it make sense to pam_warn only the one that's processed first?) Thanks -- Mark |
Hi Mark,
A1. There is no standard because the format of these files is different for each application, it is whatever the developer wants it to be. A2. It's a variable specifically used by the application, variables don't have to exist globally. A3. No, there isn't. It may be a good idea but I don't think you'll get every possible development group/individual to agree with you. There are GNU coding standards http://www.gnu.org/prep/standards/ as well, but who's going to enforce adherence ? These are guidelines not laws... A4. None... only the group that applies to the request is processed good luck on your journey, kbp |
What kbp said is true, but I'm going to try to expand a bit here:
Quote:
Quote:
Quote:
Quote:
|
Thank you gentlemen. May I follow up on one point?
Quote:
|
the chance of getting hacked is very low in linux
and not that high in windows with a decent firewall as for viruses a big problem alsmost non existant in linux |
Regarding paths in directives...
in my system, /etc/pam.d/sshd (in part) shows this: Quote:
Quote:
|
Quote:
|
Quote:
|
Quote:
Most of the time, you should be fine with the shortname. |
I hesitate to press the point as you obviously are a generous person, but I'm honestly mystified.
Quote:
It seems that /etc/pam.d/sshd somehow knows that, in a directive like "auth required pam_stack.so service=system-auth", pam_stack.so is located at /lib/security/$ISA/pam_stack.so. How does it know that? And if PAM has such a mechanism that somehow knows it, why does /etc/pam.d/other use full paths? Is it that I'm just missing something. Thanks for your time. Ciao -- Mark |
Quote:
http://osdir.com/ml/linux.pam/2007/msg00401.html |
All times are GMT -5. The time now is 09:18 AM. |