don't crack this root of mine
What is it ?
pamela stands for PAM Encapsulated Loading Architecture.
It is a library implementing Linux-PAM's
header, for applications to use instead of the default Linux-PAM
security/pam_appl.h header. pamela wraps all PAM calls and
deports them to a pamelad binary running
as a child of the application, which performs the real calls to
The advantage of this setup is that it reduces the application's
attack surface considerably. Instead of loading modules into the
application's address space, PAM loads modules into the small,
dedicated pamelad binary, whose main source code is less than 400
lines long. Also, if the application runs as root, the pamelad
binary can run as an unprivileged user, so modules cannot be used
for privilege elevation.
- A POSIX-compliant system with a standard C development environment,
that supports Linux-PAM - (so, probably a Linux system)
- GNU make, version 3.81 or later
- skalibs version
188.8.131.52 or later. It's a build-time requirement and a run-time
- Linux-PAM version 1.3.0
or later. It's a build-time requirement and a run-time requirement.
pamela is free software. It is available under the
- See the enclosed INSTALL file for installation details.
- Please note that the build process expects security/pam_appl.h
to be a Linux-PAM header. Because of this, pamela's make install
does not overwrite security/pam_appl.h; instead, the header
exposing PAM functionality is named pamela/pam.h. When you are
positive you can replace the security/pam_appl.h header,
the make install-symlink command will do it for you.
- This page lists the differences to be aware of between
the previous versions of pamela and the current one.
- pamela is discussed on the