pam 0.99
Kees Cook
kees at ubuntu.com
Mon Sep 10 16:14:47 BST 2007
On Mon, Sep 10, 2007 at 10:25:00AM +0100, Matt Zimmerman wrote:
> On Mon, Sep 10, 2007 at 08:59:50AM +0200, Tollef Fog Heen wrote:
> > * Kees Cook
> >
> > | On Fri, Sep 07, 2007 at 06:45:50PM +0100, Matt Zimmerman wrote:
> > | > On Wed, Sep 05, 2007 at 05:18:30PM -0700, Kees Cook wrote:
> > | > > Does anyone (Mithrandir?) remember why we're carrying the per-user
> > | > > .pam_environment file patch? That was the most extensive to port to the
> > | > > new code (the other Ubuntu changes were pretty trivial).
> > | >
> > | > I think this was low-hanging fruit added during the implementation of
> > | > one-true-path. It isn't essential functionality.
> >
> > I disagree, I think it's quite important for a user to be able to set
> > environment variables which take effect no matter how they log in.
> > (This means ~/.{zsh,bash}rc isn't suitable, nor is ~/.gnomerc.)
>
> I think it's *useful*, but I don't think it's *important*, as this
> functionality has traditionally been missing from UNIX-like systems.
I've already ported the patch, and the 1 bug about it has at least one
work-around (disable user_env in the pam configs), so since we've used
it until now, perhaps we should:
1) keep it
2) convince PAM upstream to take it
If they take it, we don't have to patch in the future, and if they have a
compelling reason for why it is wrong/evil, we can drop it in the future.
-Kees
--
Kees Cook
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : https://lists.ubuntu.com/archives/ubuntu-devel/attachments/20070910/b5598d77/attachment.pgp
More information about the ubuntu-devel
mailing list