On Sun, 23 Apr 2000, Richard Gooch wrote:
> Matthew Vanecek writes:
> > Richard Gooch wrote:
> > > Can someone tell me what the status of this is? Has util-linux been
> > > fixed (it's not obvious from the 2.10k HISTORY)? If not, what's the
> > > patch that needs to be applied? And who will step forward and push it
> > > to Andries?
> >
> > I have util-linux-2.10h-6 installed, and it seems to be working ok. I
> > had to change my securetty and console.perms to vc/*, anyhow.
>
> Khimenko Victor writes:
> > It was applied in some 2.10<something> linux-utils ... I don't remember
> > which, but the latest ones should work just fine... Since it's a tiny
> > change I think it's just not mentioned in the HISTORY file...
>
> Looks like we have disagreement. Victor: do you still need modified
> versions of /etc/securetty and console.perms?
>
No, if you are using devfsd and "old" names like /dev/tty1, /dev/ttyS0, etc.
Yes, if you have modified /etc/inittab and switched to /dev/vc/1, /dev/tts/1,
etc.
But with old linux-utils (before 2.10d at least) you have no choice: the old
version will just use the basename of the device file for all checks (login from
linux-utils is doing it before even calling pam!). So pam cannot
distinguish /dev/vc/1 and /dev/tts/1: both are presented as just "1" to the
pam module. With my small fix (included in recent linux-utils) /dev/vc/1
will be presented to the pam module as vc/1 while /dev/tts/1 will be presented
as tts/1, and so pam can distinguish them. Of course tty1 and vc/1 are
still different (pam is using file names, not device major/minor numbers
or any AI).
The problem was NOT with the changes in /etc/securetty and console.perms: that was
expected. What was NOT expected is that you cannot make vc/1 allowed for
root login and NOT make tts/1 allowed for root logon at the same time.
THAT was the problem. And it's fixed in recent linux-utils.
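
Added example (not part of the original message, and not the util-linux or PAM source): the two tty-naming behaviours described above, checked against constructed securetty lists. The function names, the list contents and the exact-match lookup are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Old behaviour described above: keep only the last path component,
 * so /dev/vc/1 and /dev/tts/1 both become "1". */
static const char *tty_name_basename(const char *dev)
{
    const char *slash = strrchr(dev, '/');
    return slash ? slash + 1 : dev;
}

/* Fixed behaviour described above: strip only the leading "/dev/",
 * so the devfs subdirectory (vc/, tts/) stays part of the name. */
static const char *tty_name_strip_dev(const char *dev)
{
    return strncmp(dev, "/dev/", 5) == 0 ? dev + 5 : dev;
}

/* Constructed securetty contents. With basename naming the only entry
 * that can admit /dev/vc/1 is "1"; with the fix it can be "vc/1". */
static const char *const securetty_old[]   = { "1", NULL };
static const char *const securetty_fixed[] = { "vc/1", NULL };

/* Assumption: the root-login check is an exact string match per entry. */
static int tty_allowed(const char *const *list, const char *name)
{
    for (; *list; list++)
        if (strcmp(*list, name) == 0)
            return 1;
    return 0;
}

int main(void)
{
    const char *devs[] = { "/dev/vc/1", "/dev/tts/1", "/dev/tty1" };
    for (size_t i = 0; i < sizeof devs / sizeof devs[0]; i++) {
        const char *o = tty_name_basename(devs[i]);
        const char *f = tty_name_strip_dev(devs[i]);
        printf("%-11s old: name=%-5s root=%d | fixed: name=%-6s root=%d\n",
               devs[i], o, tty_allowed(securetty_old, o),
               f, tty_allowed(securetty_fixed, f));
    }
    return 0;
}
```

With the old naming, the entry that admits root on the virtual console also admits root on the serial line; with the fix, only vc/1 matches.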