[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: pam_console for debian


On mer, 2002-07-24 at 23:58, Bas Zoetekouw wrote:
> Hi Sebastien!
> You wrote:
> >  One solution is to use pam_group to add a user to a special, and
> > ususaly empty, group if he's loggued on the :0 display.
> That makes no sense. User logs in behind the console, and is put in the
> group. User makes a g+s zsh-with-camera-access binary and puts it in
> ~/bin. After that, he'll always have access to the camera.

Did I write anywhere that this solution was secure? Anybody wanting to
edit /etc/security/group.conf knows the suid trick.

> With other words: pam_console is only for clueless admins and Redhat
> users.

Or for people who do not need the paranoid mode. 

The problem is exactly the same if you put someone in the audio group.
If  a microphone is plugged in the audio card, anybody into the audio
group can listen to you.AFAIK you must trust users a bit.

 Classical unix perms are not efficient to deal with hostile users


To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: