In <200007182057.e6IKvGl03925@mobilix.ras.ucalgary.ca> Richard Gooch (rgooch@ras.ucalgary.ca) wrote:
RG> Khimenko Victor writes:
>> In <39709DC8.D460C273@wanadoo.fr> Martin Costabel (costabel@wanadoo.fr) wrote:
>> > John Covici wrote:
>> >>
>> >> Hi. I was reading the readme in the 2.4.0-test2 kernel documentation
>> >> tree for defs when I ran into the following mysterious passage
>> >>
>> >> /etc/securetty
>> >> PAM (Pluggable Authentication Modules) is supposed to be a flexible
>> >> mechanism for providing better user authentication and access to
>> >> services. Unfortunately, it's also fragile, complex and undocumented
>> >> (check out RedHat 6.1, and probably other distributions as well). PAM
>> >> has problems with symbolic links. Append the following lines to your
>> >> /etc/securetty file:
>> >>
>> >> 1
>> >> 2
>> >> 3
>> >> 4
>> >> 5
>> >> 6
>> >> 7
>> >> 8
>> >>
>> >> What does this mean since /etc/security is a directory and where
>> >> shhould these lines go anyway?
>>
>> > Isn't that obsolete anyway?
>>
>> It is.
>>
>> > The devfs documentation does not always follow the devfs API changes.
>>
>> True, but it's not the case.
>>
>> > In any case, if I want to login as root, I have to put
>>
>> > vc/1
>> > vc/2
>>
>> > and so on into /etc/securetty.
>>
>> Correct. This is since my one-liner change was incorporated in
>> linux-utils (NOT in devfs!) more then 8 months ago. So it can be
>> true or false depending on version of linux-utils NOT depending on
>> version of devfs. With old linux-utils you can write "0" in
>> securetty and suddenly root login will be allowed from /dev/vc/0,
>> /dev/pts/0, /dev/tts/0 - in fact <anything>/0 was allowed. Since it
>> does not look good from security standpoint linux-utils were
>> patched. Now you can specify what you REALLY want: vc/0 or tts/0 ...
RG> So when did this patch go in?
I remember time, not version. I had it applied for few months when someone
said that this problem (/dev/pts/0 is treated the same as /dev/vc/0) is due to
pam stupidity. I answered that pam is innocent - it was not supplied with
enough info to begin with. As result of discussion I've sent patch to
linux-utils maintainers and eventualy it was adopted (much to my surprise
since it looks like a kludge to me).
RG> I'd like to be able to refer to a specific version of util-linux rather
RG> than just say "recent".
Yes, I can understood this but problem is that I just not know when it was
done exactly :-(
RG> Also, what was the patch?
Ah. This part I can say for sure:
--- util-linux-2.9x/login-utils/login.c Sat Dec 11 17:00:45 1999
+++ util-linux-2.9x/login-utils/login.c Sat Dec 11 17:03:16 1999
@@ -480,6 +480,6 @@
tcsetattr(0,TCSAFLUSH,&tt);
}
- if ((tty = rindex(ttyn, '/')))
- ++tty;
+ if (strncmp(ttyn, "/dev/", 5) == 0)
+ tty = ttyn+5;
else
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun Jul 23 2000 - 21:00:11 EST