[Pkg-shadow-devel] Bug#768020: Bug#768020: Missing /dev/ttySC* entries in /etc/securetty

Geert Uytterhoeven geert at linux-m68k.org
Wed Nov 5 08:16:49 UTC 2014

On Tue, Nov 4, 2014 at 6:31 PM, Mike Frysinger <vapier at gentoo.org> wrote:
> On 04 Nov 2014 10:04, Geert Uytterhoeven wrote:
>> Package: login
>> Version: 1:4.2-2+b1
>> /etc/securetty contains the following /dev/ttySC* entries:
>> | # SCI serial port (SuperH) ports and SC26xx serial ports
>> | ttySC0
>> | ttySC1
>> | ttySC2
>> | ttySC3
>> Some Renesas ARM-based SH-Mobile development boards have the
>> serial console on ttySC4 or ttySC6, or a secondary console on ttySC7.
>> At least one SH-based board has its serial console on ttySC5.
>> Can you please add entries ttySC[4-9]?
> there's a lot of boards with a lot of different serial devices.  i'm not sure
> every possibility should be hardcoded ?  every distro is duplicating this work
> too and maintaining their own random full list.  can't we do better here ?

Unfortunately, due to the "only real 16550 serial ports can be called ttyS%u"

> perhaps the default should be to not have an /etc/securetty at all ?  if the
> system is configured to launch getty on a tty, then in today's world, it means
> it's a local device right ?  if you have physical access to something, and know

It may still be connected to a modem, waiting for incoming calls...

> the root password, what exactly is this protecting the system from ?

/etc/securetty is not meant to prevent privileged people from getting in,
but to protect the system against eavesdropping on unsecure lines
(.e.g. out-of-the-building serial cables and modem lines).



Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert at linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds

More information about the Pkg-shadow-devel mailing list