Software
skarnet.org

pamela

don't crack this root of mine

What is it ?

pamela stands for PAM Encapsulated Loading Architecture.

It is a library implementing Linux-PAM's security/pam_appl.h header, for applications to use instead of the default Linux-PAM security/pam_appl.h header. pamela wraps all PAM calls and deports them to a pamelad binary running as a child of the application, which performs the real calls to Linux-PAM.

The advantage of this setup is that it reduces the application's attack surface considerably. Instead of loading modules into the application's address space, PAM loads modules into the small, dedicated pamelad binary, whose main source code is less than 400 lines long. Also, if the application runs as root, the pamelad binary can run as an unprivileged user, so modules cannot be used for privilege elevation.


Installation

Requirements

Licensing

pamela is free software. It is available under the ISC license.

Download

Compilation

Upgrade notes


Reference

Commands

Libraries


Related resources

pamela discussion