[Pkg-shadow-devel] Bug#768020: Bug#768020: Missing /dev/ttySC* entries in /etc/securetty

Geert Uytterhoeven geert at linux-m68k.org
Wed Nov 5 16:35:47 UTC 2014


On Wed, Nov 5, 2014 at 4:49 PM, Mike Frysinger <vapier at gentoo.org> wrote:
>> > perhaps the default should be to not have an /etc/securetty at all ?  if the
>> > system is configured to launch getty on a tty, then in today's world, it means
>> > it's a local device right ?  if you have physical access to something, and know
>>
>> It may still be connected to a modem, waiting for incoming calls...
>
> how many of these systems legitimately exist anymore ?  we shouldn't be
> handicapping the majority of users for an extreme edge case.  if those people
> want to set up securetty, they can create the file themselves.
>
>> > the root password, what exactly is this protecting the system from ?
>>
>> /etc/securetty is not meant to prevent privileged people from getting in,
>> but to protect the system against eavesdropping on unsecure lines
>> (e.g. out-of-the-building serial cables and modem lines).
>
> how does securetty prevent that ?  you can log in as non-root and then sudo.  or
> try and leverage a known security vuln to escalate that non-root account.  any
> perceived security provided by securetty is an illusion.

Ah, sudo is a recent invention ;-)

But you're right, /etc/securetty has little value these days.

Gr{oetje,eeting}s,

                        Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert at linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds


