[patch] Auth method for console users

Kay Sievers kay.sievers at vrfy.org
Mon Sep 27 18:26:24 UTC 2004

On Mon, 2004-09-27 at 11:16 -0400, Colin Walters wrote:
> On Mon, 2004-09-27 at 16:02 +0200, Kay Sievers wrote:
> > What about renaming it to _dbus_user_local_user() and search the logins
> > with getutent(). If host = "", it should be a local user :)
> Sounds bad to me; someone could login via ssh from anywhere, and then
> ssh to localhost, and then I think their second ssh session would be a
> "local login". 

Then the host carries the local hostname and it is not empty, at least
here on my box.

> The idea with Fedora's pam_console is it should mean
> that the user has physical access to the machine. 
> I don't think DBus can really be a generic authentication library -

Good valid point.

> probably HAL will just have to duplicate the code for checking console
> access inside a #ifdef HAVE_PAM_CONSOLE or something.  On SuSE they will
> probably want to patch it to use resmgr, etc.
> > Sure, it's not nice, but may work on much more systems.
> > 
> > We do a similar hack in udev, look for: 
> >   set_to_local_user(char *user) in
> >   http://linuxusb.bkbits.net:8080/udev/anno/udev-add.c@1.73?nav=index.html|src/
> It's a bit unclear to me what the security relevance of that is - what
> additional privileges does a "local" user have for udev?

It is a devfs emulation feature. For devfsd it was possible to specify a
"-1" for the uid to get the "current local user".
During the transition from devfs to udev we had a request for that, but
I think nearly nobody will ever use that.


More information about the dbus mailing list