1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
|
<!DOCTYPE html>
<html>
<head>
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="Content-Language" content="en" />
<title>pamela - a secure PAM implementation</title>
<meta name="Description" content="pamela - a secure PAM implementation" />
<meta name="Keywords" content="pamela PAM linux pluggable authentication modules unix login laurent bercot skarnet" />
<!-- <link rel="stylesheet" type="text/css" href="//skarnet.org/default.css" /> -->
</head>
<body>
<p>
<a href="//skarnet.org/software/">Software</a><br />
<a href="//skarnet.org/">skarnet.org</a>
</p>
<h1> pamela </h1>
<p style="text-align:right;"><small><em>don't crack this root of mine</em></small></p>
<h2> What is it ? </h2>
<p>
pamela stands for PAM Encapsulated Loading Architecture.
</p>
<p>
It is a library implementing Linux-PAM's
<a href="http://www.linux-pam.org/Linux-PAM-html/adg-interface-by-app-expected.html"><tt>security/pam_appl.h</tt></a>
header, for applications to use instead of the default Linux-PAM
<tt>security/pam_appl.h</tt> header. pamela wraps all PAM calls and
deports them to a <a href="pamelad.html">pamelad</a> binary running
as a child of the application, which performs the real calls to
Linux-PAM.
</p>
<p>
The advantage of this setup is that it reduces the application's
attack surface considerably. Instead of loading modules into the
application's address space, PAM loads modules into the small,
dedicated pamelad binary, whose main source code is less than 400
lines long. Also, if the application runs as root, the pamelad
binary can run as an unprivileged user, so modules cannot be used
for privilege elevation.
</p>
<hr />
<ul>
<li> <a href="building.html">How to build an application with pamela</a> </li>
</ul>
<hr />
<h2> Installation </h2>
<h3> Requirements </h3>
<ul>
<li> A POSIX-compliant system with a standard C development environment,
that supports Linux-PAM - (so, probably a Linux system) </li>
<li> GNU make, version 3.81 or later </li>
<li> <a href="//skarnet.org/software/skalibs/">skalibs</a> version
2.14.0.0 or later. It's a build-time requirement and a run-time
requirement. </li>
<li> <a href="http://www.linux-pam.org/">Linux-PAM</a> version 1.3.0
or later. It's a build-time requirement and a run-time requirement. </li>
</ul>
<h3> Licensing </h3>
<p>
pamela is free software. It is available under the
<a href="http://opensource.org/licenses/ISC">ISC license</a>.
</p>
<h3> Download </h3>
<ul>
<li> <!-- The current released version of pamela is <a href="pamela-0.0.1.0.tar.gz">0.0.1.0</a>. -->
pamela is in maintenance mode; there is no numbered version, and it is
unfortunately likely that there will never be one. Given how most PAM-using
projects are written, chances are that pamela will not help; sanitizing PAM
is really more about changing the programming habits of its users to use
component isolation than it is about actual isolation software.
</li>
<li> You can checkout a copy of the
<a href="//git.skarnet.org/cgi-bin/cgit.cgi/pamela/">pamela
git repository</a>:
<pre> git clone git://git.skarnet.org/pamela </pre> </li>
<li> There's also a
<a href="https://github.com/skarnet/pamela">GitHub mirror</a>
of the pamela git repository. </li>
</ul>
<h3> Compilation </h3>
<ul>
<li> See the enclosed INSTALL file for installation details. </li>
<li> Please note that the build process expects <tt>security/pam_appl.h</tt>
to be a Linux-PAM header. Because of this, pamela's <tt>make install</tt>
does not overwrite <tt>security/pam_appl.h</tt>; instead, the header
exposing PAM functionality is named <tt>pamela/pam.h</tt>. When you are
positive you can replace the <tt>security/pam_appl.h</tt> header,
the <tt>make install-symlink</tt> command will do it for you. </li>
</ul>
<h3> Upgrade notes </h3>
<ul>
<li> <a href="upgrade.html">This page</a> lists the differences to be aware of between
the previous versions of pamela and the current one. </li>
</ul>
<hr />
<h2> Reference </h2>
<h3> Commands </h3>
<ul>
<li><a href="pamelad.html">The <tt>pamelad</tt> internal program</a></li>
</ul>
<h3> Libraries </h3>
<ul>
<li> <a href="building.html">How to build an application with pamela</a> </li>
<li> <a href="http://www.linux-pam.org/Linux-PAM-html/adg-interface-by-app-expected.html">The
public interface to Linux-PAM</a> is implemented by the pamela library. </li>
</ul>
<hr />
<a name="related">
<h2> Related resources </h2>
</a>
<h3> pamela discussion </h3>
<ul>
<li> <tt>pamela</tt> is discussed on the
<a href="//skarnet.org/lists/#skaware">skaware</a> mailing-list. </li>
</ul>
</body>
</html>
|
