[Bug 214540] pam_exec isn't multithreading save

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Mon Dec 5 15:25:24 UTC 2016


--- Comment #2 from Jan Bramkamp <crest at bultmann.eu> ---
I found one case where the same issue in the Linux PAM pam_exec module broke
vsftpd and vsftpd had to workaround the problem because afaik Linux lacks the
required API to avoid this problem completely. I know that pam_exec is a hack
and should only be used for testing or after very careful analysis on the other
hand the documentation doesn't warn users about the problem and it's a nasty
layering violation that blow up into the system administrators face and I don't
want to be the poor bastard how has to debug this under time pressure. The PAM
policy isn't supposed to inject race conditions into otherwise "working"

Pointing to a "non-normative recommendation" won't help users bitten by this
problem. My problem with this is that it's a accident waiting to happen and
FreeBSD has the APIs to avoid this whole bug class. To make it worse the ones
who will run into the problem (system admins) are often incapable of debugging
and patching applications complex enough to use pthreads and PAM.

You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-threads mailing list