Re: removing "su" from coreutils [Re: Fwd: [PULL] su

[Karel Zak]

On Thu, May 31, 2012 at 10:12:17AM +0200, Ludwig Nussel wrote:
> Mike Frysinger wrote:
> > On Wednesday 30 May 2012 09:50:57 Karel Zak wrote:
> >> [...]
> >> IMHO is better to use PAM everywhere than duplicate non-PAM code and
> >> assume that the code is correct and well tested. PAM is abstraction,
> >> the final configuration don't have to be complicated.
> > 
> > PAM is a complete waste of space on embedded devices and controlled 
> > systems.  
> > i'm not saying it isn't useful in many setups (perhaps even the majority), 
> > just that it is entirely unnecessary in a not insignificant number of other 
> > setups.
> 
> You could still use the PAM API and only implement the features
> necessary for shadow support. Ie PAM without pluggable modules :-) That
> way ugly ifdefs and code duplication could be avoided.

 Linux_PAM supports --enable-static-modules, not sure how usable is
 it, but it seems like a better way than duplicate any security
 sensitive code.

    Karel

-- 
 Karel Zak  <address@hidden>
 http://karelzak.blogspot.com