[kmscon-devel] /bin/login always runs on /dev/pts/X
David Herrmann
dh.herrmann at gmail.com
Tue May 27 23:06:00 PDT 2014
Hi
On Tue, May 27, 2014 at 5:22 PM, Cristian Rodríguez
<crrodriguez at opensuse.org> wrote:
> El 27/05/14 07:44, David Herrmann escribió:
>
>> Note that /etc/securetty and pam_securetty is crap (in my opinion).
>
> I am also looking forward to get rid of this horrible hack..
>
>> It's a totally useless way to prevent root-logins. You should protect
>> root-logins with a proper authentication-scheme, instead of relying on
>> filters like /etc/securetty (which, btw, don't protect against "sudo"
>> and "su"..).
>
> Also, TTY access is not enforced by the kernel but by an userspace
> component.. this is the fatal flaw of this relic.
Yeah, it's a disaster. Best way to get rid of it is to disable
pam_securetty altogether. But that's a decision distros have to make.
Thanks
David
More information about the kmscon-devel
mailing list