pamela - a secure PAM implementation

pamela

don't crack this root of mine

What is it?

pamela stands for PAM Encapsulated Loading Architecture.

It is a library implementing Linux-PAM's security/pam_appl.h header, for applications to use instead of the default Linux-PAM security/pam_appl.h header. pamela wraps all PAM calls and delegates them to a pamelad binary running as a child of the application, which performs the real calls to Linux-PAM.

The advantage of this setup is that it reduces the application's attack surface considerably. Instead of loading modules into the application's address space, PAM loads modules into the small, dedicated pamelad binary, whose main source code is less than 400 lines long. Also, if the application runs as root, the pamelad binary can run as an unprivileged user, so modules cannot be used for privilege elevation.
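The helper-process pattern described above, as an added sketch that is not pamela's code or its wire protocol: the application forks a child, the child sheds root before doing the risky work, and the parent treats the child's reply as untrusted input. Assumptions: the uid/gid 65534, the 64-byte request record, the names ask_helper, helper_loop and risky_check, and the stand-in check are all constructed for this illustration, and the sketch forks without exec'ing a separate binary the way pamelad is.

```c
/* Added sketch of the helper-process pattern; not pamela's code or protocol. */
#include <grp.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define HELPER_ID 65534   /* assumption: uid/gid of an unprivileged account */
#define REQ_LEN 64        /* fixed-size request record (constructed format) */

/* Stand-in for work a real helper would hand to PAM modules (constructed). */
static int risky_check(const char *user) { return strcmp(user, "alice") == 0; }

/* Helper: shed root first, then answer fixed-size requests until EOF. */
static void helper_loop(int fd) {
    char user[REQ_LEN];
    if (geteuid() == 0 &&
        (setgroups(0, NULL) || setgid(HELPER_ID) || setuid(HELPER_ID)))
        _exit(111);       /* never keep running with privileges we meant to drop */
    while (recv(fd, user, REQ_LEN, MSG_WAITALL) == REQ_LEN) {
        user[REQ_LEN - 1] = '\0';
        char verdict = risky_check(user) ? 'Y' : 'N';
        if (send(fd, &verdict, 1, MSG_NOSIGNAL) != 1) break;
    }
    _exit(0);
}

/* Application: spawn the helper, ask once, treat any failure as denial. */
int ask_helper(const char *user) {
    int sv[2], ok = 0;
    char req[REQ_LEN] = {0}, verdict = 'N';
    if (!*user || strlen(user) >= REQ_LEN) return 0;
    strcpy(req, user);
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return 0;
    pid_t pid = fork();
    if (pid < 0) { close(sv[0]); close(sv[1]); return 0; }
    if (pid == 0) { close(sv[0]); helper_loop(sv[1]); }
    close(sv[1]);
    if (send(sv[0], req, REQ_LEN, MSG_NOSIGNAL) == REQ_LEN &&
        recv(sv[0], &verdict, 1, 0) == 1)
        ok = (verdict == 'Y');   /* the reply is untrusted: only 'Y' grants */
    close(sv[0]);                /* EOF ends the helper's loop */
    waitpid(pid, NULL, 0);
    return ok;
}

int main(void) { return ask_helper("alice") ? 0 : 1; }
```

If the helper crashes or cannot drop privileges, the parent's recv returns without a verdict and the request is denied.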


Installation

Requirements

  • A POSIX-compliant system with a standard C development environment that supports Linux-PAM (so, probably a Linux system)
  • GNU make, version 3.81 or later
  • skalibs version 2.6.3.2 or later. It's a build-time requirement and a run-time requirement.
  • Linux-PAM version 1.3.0 or later. It's a build-time requirement and a run-time requirement.

Licensing

pamela is free software. It is available under the ISC license.

Download

  • pamela is a work in progress: there is no numbered version yet.
  • You can check out a copy of the pamela git repository:
     git clone git://git.skarnet.org/pamela 
  • There's also a GitHub mirror of the pamela git repository.

Compilation

  • See the enclosed INSTALL file for installation details.
  • Please note that the build process expects security/pam_appl.h to be a Linux-PAM header. Because of this, pamela's make install does not overwrite security/pam_appl.h; instead, the header exposing PAM functionality is named pamela/pam.h. When you are positive you can replace the security/pam_appl.h header, the make install-symlink command will do it for you.

Upgrade notes

  • This page lists the differences to be aware of between the previous versions of pamela and the current one.

Reference

Commands

Libraries


Related resources

pamela discussion

  • pamela is discussed on the skaware mailing-list.