The Challenge

This is a page devoted to the adoration of people who have broken PAM. Would you like to have your name on this page? You have the source, feel free to try! Mail your exploit/patches to me or the Linux-PAM mailing list.

People that deserve your respect

The folowing people have found weaknesses in the Linux-PAM distribution. Thanks to their efforts Linux-PAM is a more secure package. Where available, we have indicated the fix that resulted from their investigations.

Holes in libpam

Werner Almesberger pointed out that advisory locking can lead to an pretty effective denail of service attack. Advisory locking was removed from Linux-PAM-0.52.

Holes in modules

Subtle security hole in pam_rhosts module found by Jacob Langford (Tue, 30 Sep 1997 11:03:05 -0500) and fix posted by Andrey V. Savochkin (Wed, 1 Oct 1997 11:49:04 +0300). The problem was concerned with successive calls to gethostbyname() and a failure to cache the results of previous calls.

Olaf Kirch took the time to scour the source for Linux-PAM 0.58. He uncovered a few subtle problems with a number of modules. All of these problems (besides one relating to IPv6) were fixed in the 0.63 release. [This was the next release (three days) after Olaf's posting.]

Michal Zalewski identified a permission manipulation problem with the pam_unix module (Dec 23, 1998 at 01:12:45PM +0100). Andrey V. Savochkin provided a patch (Thu, 24 Dec 1998 18:02:03 +0300) for this and a similar problem in pam_tally.

This page was last changed: 1998/12/24

Mail: Andrew Morgan (My PGP key is here)