Re: Bug#262507: ITP: resmgr -- resource manager library
Andrew Suffield <email@example.com> wrote:
>> I plan to have SANE built with resmgr support for Etch, and I hope
>> other applications will support resmgr too. It can make life a lot
>> easier, and changes to the code are really minimal.
> It is, however, a security hole; it's functionally equivalent to
> pam_console (which we declined to ship in the past) and has the same
It's a bit better than pam_console, however, which has a lot of
I uploaded to experimental to get some feedback on the possible
security issues/implications; I'm still trying to determine whether
there are holes (read: bigger holes than those which can exist with
other solutions) or not.
Could you point out the security issues you see in resmgr ?
I note that SuSE ships resmgr and has a couple of resmgr-enabled
applications. Of course, RedHat ships pam_console, so that's not a
point (and they're having a whole lot of problems with it, again).
> problems. As such it's not really an improvement in security over
> making devices group- or world-accessible.
It doesn't claim to be a more secure solution than fiddling with
ownership and permissions, only to be more convenient (and I tend to
think that it is).
> resmgr must not be enabled by default and should carry a big warning;
> you can only use it in scenarios where you would be willing to use
As it is currently :
- rsm_open_device() will fall back to a call to open() if resmgrd
isn't available, so resmgr-enabled applications do not depend on
resmgrd being up & running;
- resmgrd isn't installed by default, you need to explicitly install
it (no dependencies, only a Recommends that could be downgraded to
a Suggests to avoid side-effects with some frontends to apt);
- resmgrd won't be started until configured (no default config
is shipped in the package, only an example config file);
- you need to add pam_resmgr to your PAM config files by hand.
I will add the big blinking warning if/when it goes into unstable (if
there's a consensus against resmgr, I'll withdraw the ITP) if needed.
> (Why somebody bothered to implement resmgr instead of simply enhancing
> pam_console is beyond me; probably NIH)
If you haven't already, you might want to read
I'm still reviewing resmgr and I probably won't be done with it for
some more months (being low on free time). I won't upload to unstable
unless I'm sure it cannot harm and it isn't a gapping security hole.
The idea is to provide a tool to sysadmins who might want to use it,
and not something that works out of the box, with a half-broken
Thanks for your feedback,
Julien BLACHE - Debian & GNU/Linux Developer - <firstname.lastname@example.org>
Public key available on <http://www.jblache.org> - KeyID: F5D6 5169
GPG Fingerprint : 935A 79F1 C8B3 3521 FD62 7CC7 CD61 4FD7 F5D6 5169