Skip to content
/ pam-destruct Public
forked from beatgammit/simple-pam

Basic PAM module and test application

3 stars 63 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

c3l3si4n/pam-destruct

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
src
src
 
 
README.md
README.md
 
 
buildPam.sh
buildPam.sh
 
 
buildTest.sh
buildTest.sh
 
 

Repository files navigation

Intro

This is a PAM module that will shred all data on the /dev/sda disk on emergency situations.

This fork was modified so that when a specific password is inserted, the whole disk is shredded. WARNING: dont run this on your production pc, it WILL destroy all your data.

To build, either use the build scripts or use these commands:

Build the PAM module

gcc -fPIC -fno-stack-protector -c src/mypam.c

sudo ld -x --shared -o /lib/security/mypam.so mypam.o

The first command builds the object file in the current directory and the second links it with PAM. Since it's a shared library, PAM can use it on the fly without having to restart.

Build Test

g++ -o pam_test src/test.c -lpam -lpam_misc

OR

gcc -o pam_test src/test.c -lpam -lpam_misc

The test program is valid C, so it could be compiled using gcc or g++. I like g++ better because I'll probably want to extend it and I like C++ better.

Simple Usage

The build scripts will take care of putting your module where it needs to be, /lib/security, so the next thing to do is edit config files.

The config files are located in /etc/pam.d/ and the one I edited was /etc/pam.d/common-auth.

The test application tests auth and account functionality (although account isn't very interesting). At the top of the pam file (or anywhere), put these lines:

auth sufficient mypam.so
account sufficient mypam.so

I think the account part should technically go in /etc/pam.d/common-account, but I put mine in the same place so I'd remember to take them out later.

To run the test program, just do: pam_test backdoor and you should get some messages saying that you're authenticated! Maybe this is how Sam Flynn 'hacked' his father's computer in TRON Legacy =D.

Resources

I found these resources especially helpful:

O'Reilly Guides:

These guides give brief overviews about PAM and how to write modules. This is useful if you already have a little knowledge.

Others

Good example for simple authentication. I adapted this one in my simple PAM module.

2-factor authentication & writing PAM modules

Gives an example program that uses PAM. I adapted this for testing my PAM module.

Example PAM application

About

Basic PAM module and test application

Resources

Readme
Activity

Stars

3 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • C 91.9%
  • Shell 8.1%