Re: pam_console for debian
Hi,
On mer, 2002-07-24 at 23:58, Bas Zoetekouw wrote:
> Hi Sebastien!
>
> You wrote:
>
> > One solution is to use pam_group to add a user to a special, and
> > ususaly empty, group if he's loggued on the :0 display.
>
> That makes no sense. User logs in behind the console, and is put in the
> group. User makes a g+s zsh-with-camera-access binary and puts it in
> ~/bin. After that, he'll always have access to the camera.
>
Did I write anywhere that this solution was secure? Anybody wanting to
edit /etc/security/group.conf knows the suid trick.
> With other words: pam_console is only for clueless admins and Redhat
> users.
>
Or for people who do not need the paranoid mode.
The problem is exactly the same if you put someone in the audio group.
If a microphone is plugged in the audio card, anybody into the audio
group can listen to you.AFAIK you must trust users a bit.
Classical unix perms are not efficient to deal with hostile users
anyway.
SEb
--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: