Problem Description:
Some third-party applications, including KDE’s kcheckpass command,
allow the user to specify the name of the policy on the command
line. Since OpenPAM treats the policy name as a path relative to
/etc/pam.d or /usr/local/etc/pam.d, users who are permitted to run
such an application can craft their own policies and cause the
application to load and execute their own modules.