How does it get into the system in the first place?
Exactly. This is a malicious PAM module. Of course something as sensitive as PAM running as root can do any nasty thing it wants.
But the trick is, someone has to convince the target to go root and install it. And I guarantee you, of all the Linux users out there, only a teeny tiny fraction knows what PAM even is, and those who know aren’t likely to install any old PAM module willy-nilly. Which leaves an unlikely supply chain attack - unlikely because, just like expert users who diddle with PAM, any maintainer of a distro that supplies PAM modules is going to be super-careful what they onboard. Because ya know… PAM. It’s like super-sensitive.
So yeah, I’m not very worried.