at_console

[Havoc Pennington]

Hi,

On Mon, 2005-02-07 at 00:12 +0100, Tom Parker wrote:
> 2) Replace the current 'check for a /var/run/console/$username' with an 
> actual implementation of the pam_console logic i.e. check the user's 
> logged in terminal and see if they're a console user. This gets around 
> the Debian issues as we're not messing around with device node 
> permissions at all.

I'd rather not maintain this (it seems likely to get into a lot of
distribution-specific issues and be security-sensitive, and I can't test
it). The right thing in my mind is for distributions to maintain this;
whether in the form of pam_console, or just specifically for use by
dbus.

I'm happy to put in any logic needed in dbus to chain to the
distribution's choice of ways to do this, as long as I don't have to
maintain the actual "at console" mechanism. i.e. I'd take any
distribution patch upstream into dbus (with suitable configure checks
and #ifdef) as long as the patch is to chain out to an OS mechanism,
rather than to implement the hard bits directly in dbus.

> 3) Replace with something else. Not sure what/how, this depends on how 
> useful 'user has a console' is as a authentication measure, and whether 
> we actually need something (possibly subtly) different. Ideas welcomed...

That's the other thing OS vendors can do of course; use some other kind
of policy besides "at console" - such as "in a particular group" or
whatever is desired.

To me this isn't a portability issue, it's an OS feature issue. dbus
works with whatever the OS provides, but if the OS provides more
function then dbus passes it through to be taken advantage of.

Seems like pam_console would have quite a few other benefits for Debian
besides dbus, no? Surely Ubuntu has something in this area already?

Havoc