In <Pine.LNX.4.21.0003020000070.24029-100000@xxxxxxxxxxxxxxxx> Paul Jakma
(paul@xxxxxxxx) wrote:
> On Wed, 1 Mar 2000, Douglas Gilbert wrote:
> The solution (at least on RH6.0 and RH6.1) for the X problem was
> to change the following line in /etc/security/console.perms from:
> <console>=tty[0-9][0-9]* :[0-9]\.[0-9] :[0-9]
> to:
> <console>=tty[0-9][0-9]* [0-9][0-9]* :[0-9]\.[0-9] :[0-9]
> There is a related problem which stops root logging in on
> a virtual console. The solution was to add the last 8
> lines to /etc/securetty yielding:
> tty1
> tty2
> tty3
> tty4
> tty5
> tty6
> tty7
> tty8
> 1
> 2
> 3
> 4
> 5
> 6
> 7
> 8
> ick... this could cause /dev/pty/[1-8] to be deemed secure for root
> login.
Exactly. And it's NOT what you want.
> What's really needed is to fix the PAM securetty module. At the moment it
> won't parse full paths like /dev/vc/6 - which imo means pam securetty is
> broken.
Oh, yeah. Of course PAM is broken. We need to embed telepathy in PAM
IMMEDEATELY ! Or you can fix PAM so it will use full name after THAT
-- cut --
if ((tty = rindex(ttyn, '/')))
++tty;
else
tty = ttyn;
-- cut --
snippet from login.c ? PAM module was NEVER supplied with full device name
to begin with. Add tiny patch to your login.c (from unix-utils) and stop
blaming the innocent PAM.
--- util-linux-2.9x/login-utils/login.c Sat Dec 11 17:00:45 1999
+++ util-linux-2.9x/login-utils/login.c Sat Dec 11 17:03:16 1999
@@ -515,10 +515,10 @@
tcsetattr(0,TCSAFLUSH,&tt);
}
- if ((tty = rindex(ttyn, '/')))
- ++tty;
- else
+ if (strncmp(ttyn, "/dev/", 5))
tty = ttyn;
+ else
+ tty = ttyn+5;
#if 0
/* other than iso-8859-1 */
|