[Pkg-shadow-devel] Bug#768020: Bug#768020: Missing /dev/ttySC* entries in /etc/securetty
geert at linux-m68k.org
Wed Nov 5 16:35:47 UTC 2014
On Wed, Nov 5, 2014 at 4:49 PM, Mike Frysinger <vapier at gentoo.org> wrote:
>> > perhaps the default should be to not have an /etc/securetty at all ? if the
>> > system is configured to launch getty on a tty, then in today's world, it means
>> > it's a local device right ? if you have physical access to something, and know
>> It may still be connected to a modem, waiting for incoming calls...
> how many of these systems legitimately exist anymore ? we shouldn't be
> handicapping the majority of users for an extreme edge case. if those people
> want to set up securetty, they can create the file themselves.
>> > the root password, what exactly is this protecting the system from ?
>> /etc/securetty is not meant to prevent privileged people from getting in,
>> but to protect the system against eavesdropping on unsecure lines
>> (.e.g. out-of-the-building serial cables and modem lines).
> how does securetty prevent that ? you can log in as non-root and then sudo. or
> try and leverage a known security vuln to escalate that non-root account. any
> perceived security provided by securetty is an illusion.
Ah, sudo is a recent invention ;-)
But you're right, /etc/securetty has little value these days.
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert at linux-m68k.org
In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds
More information about the Pkg-shadow-devel