
Re: coupe things RedHat does well and Debian should too




On Fri, 5 May 2000, Sami Haahtinen wrote:

> On Fri, May 05, 2000 at 01:12:06PM -0400, Michael Stone wrote:
> > These are both security nightmares, and I would object to them going in
> > as anything other than optional modules with warning messages.
> 
> (AFAIR) there just was some discussion about these somewhere, I think
> it was BugTraq... about security problems with pam_console..
> 
> Also, I think this might be a good idea for a workstation, which is used
> for gaming. (so we should consider these too) but I still think that it
> might be nice to write something like pam_addgroup.. which would add
> the user that logs in to certain groups, of course this does not cover

Such a module already exists and is installed in Debian. The problem with it,
though, is the behavior of xdm (and other dm's). In text logins it works
fine, but xdm drops all extra groups so the module does not have any
effect. The same happens with pam_environment (or whatever it is
called): xdm manages to drop all the environment variables.

Sergey.


> SVGALib programs, but for that we could use some kind of program to check
> which group a user belongs to and if user belongs to a correct group it
> would permit suid root...
> 
> Yes, I know that this is not the best solution, but still we need
> a solution!
> 
> at some point someone wants to play with Linux.. and when they can't
> (easily) they will drop Linux...
> -- 
> My Two cents!
> 

