[patch] Auth method for console users
Colin Walters
walters at verbum.org
Mon Sep 27 15:16:31 UTC 2004
On Mon, 2004-09-27 at 16:02 +0200, Kay Sievers wrote:
> What about renaming it to _dbus_user_local_user() and search the logins
> with getutent(). If host = "", it should be a local user :)
Sounds bad to me; someone could login via ssh from anywhere, and then
ssh to localhost, and then I think their second ssh session would be a
"local login". The idea with Fedora's pam_console is it should mean
that the user has physical access to the machine.
I don't think DBus can really be a generic authentication library -
probably HAL will just have to duplicate the code for checking console
access inside a #ifdef HAVE_PAM_CONSOLE or something. On SuSE they will
probably want to patch it to use resmgr, etc.
> Sure, it's not nice, but may work on much more systems.
>
> We do a similar hack in udev, look for:
> set_to_local_user(char *user) in
> http://linuxusb.bkbits.net:8080/udev/anno/udev-add.c@1.73?nav=index.html|src/
It's a bit unclear to me what the security relevance of that is - what
additional privileges does a "local" user have for udev?
More information about the dbus
mailing list