pamela
don't crack this root of mine
What is it?
pamela stands for PAM Encapsulated Loading Architecture.
It is a library implementing Linux-PAM's security/pam_appl.h
header, for applications to use instead of the default Linux-PAM
security/pam_appl.h header. pamela wraps all PAM calls and
forwards them to a pamelad binary running
as a child of the application, which performs the real calls to
Linux-PAM.
The advantage of this setup is that it reduces the application's
attack surface considerably. Instead of loading modules into the
application's address space, PAM loads modules into the small,
dedicated pamelad binary, whose main source code is less than 400
lines long. Also, if the application runs as root, the pamelad
binary can run as an unprivileged user, so modules cannot be used
for privilege elevation.
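The isolation argument above, as an added C illustration that is not pamela's or pamelad's code: a stand-in "module" runs in a forked child and hands back only a one-byte verdict over a socketpair, so memory tampering or a crash inside it never reaches the application's address space. All names (helper_authenticate, module_check, app_secret) and the verdict format are assumptions made for this example; pamela's actual protocol is not described on this page.

```c
/* Added illustration, not pamela's code: all names here are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Stands in for sensitive state held in the application's memory. */
static char app_secret[16] = "root-only-state";

int app_secret_intact(void) { return !strcmp(app_secret, "root-only-state"); }

/* Stand-in for a loaded module: one input makes it scribble on memory and crash. */
static int module_check(const char *user)
{
  if (!strcmp(user, "evil")) { memset(app_secret, 'X', sizeof app_secret - 1); abort(); }
  return !strcmp(user, "alice");
}

/* Run the module in a child process; the application only reads a one-byte verdict.
   Returns 1 (accepted), 0 (rejected) or -1 (helper failed or died). */
int helper_authenticate(const char *user)
{
  int sv[2], status;
  char verdict = 0;
  ssize_t r;
  pid_t pid;
  if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
  pid = fork();
  if (pid < 0) { close(sv[0]); close(sv[1]); return -1; }
  if (!pid) {
    close(sv[0]);
    /* A privilege-separated helper would drop to an unprivileged uid/gid here. */
    verdict = module_check(user) ? 'y' : 'n';
    _exit(write(sv[1], &verdict, 1) == 1 ? 0 : 1);
  }
  close(sv[1]);
  r = read(sv[0], &verdict, 1);   /* returns 0 (EOF) if the helper died first */
  close(sv[0]);
  if (waitpid(pid, &status, 0) < 0) return -1;
  if (r != 1 || !WIFEXITED(status) || WEXITSTATUS(status)) return -1;
  return verdict == 'y';
}

int main(void)
{
  printf("alice=%d bob=%d evil=%d intact=%d\n", helper_authenticate("alice"),
         helper_authenticate("bob"), helper_authenticate("evil"), app_secret_intact());
  return 0;
}
```

A helper that dies is reported as a failure, never as success, and the parent's copy of app_secret is unchanged afterwards.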
Installation
Requirements
- A POSIX-compliant system with a standard C development environment,
that supports Linux-PAM (so, probably a Linux system)
- GNU make, version 3.81 or later
- skalibs version 2.6.3.2 or later. It's a build-time requirement and a run-time
requirement.
- Linux-PAM version 1.3.0 or later. It's a build-time requirement and a run-time
requirement.
Licensing
pamela is free software. It is available under the
ISC license.
Download
Compilation
- See the enclosed INSTALL file for installation details.
- Please note that the build process expects security/pam_appl.h
to be a Linux-PAM header. Because of this, pamela's make install
does not overwrite security/pam_appl.h; instead, the header
exposing PAM functionality is named pamela/pam.h. When you are
positive you can replace the security/pam_appl.h header,
the make install-symlink command will do it for you.
Upgrade notes
- This page lists the differences to be aware of between
the previous versions of pamela and the current one.
Reference
Commands
Libraries
Related resources
pamela discussion
- pamela is discussed on the
skaware mailing-list.