From my mug.org talk. You want more on PAM? Get my PAM book.
4 Replies to ““PAM is Un-American” talk now online”
Comments are closed.
Gleefully Malicious Books
Gleefully Malicious Books
From my mug.org talk. You want more on PAM? Get my PAM book.
Comments are closed.
How the fuck does pam_exec handle zombies if it can’t register a SIGCHLD handler? Recent FreeBSD versions might support process descriptor and offer pdfork(2) and can notify threads about the exit status with EVFILT_PROCDESC, but how can it even be implemented correctly on other platforms? Is the application supposed to fork and provide a SIGCHLD handler in the child process?
Yet another reason why pam_exec isn’t good practice. Write a module, or use modules other folks have written.
I looked into pam_exec.c and want to cry. It uses vfork(2) (hopefully correctly as vfork is quite difficult to use correctly) followed by waitpid(2) in a retry loop (to handle EINTR). Of course an other thread could reap the child process first in which case pam_exec fails with PAM_SYSTEM_ERR. So reaping child processes quickly in a multithreaded application is a system error go figure.