
Re: pam_console for debian

On Wed, Jul 24, 2002 at 11:58:27PM +0200, Bas Zoetekouw wrote:
> >  One solution is to use pam_group to add a user to a special, and
> > usually empty, group if he's logged on the :0 display.
> That makes no sense. User logs in behind the console, and is put in the
> group. User makes a g+s zsh-with-camera-access binary and puts it in
> ~/bin. After that, he'll always have access to the camera.

Come to think of it, this would be easy to solve in SE-Linux simply by
disallowing Set-GID operations in user created scripts. In fact, this
should already be the default.

Another solution would be to hack the kernel to disallow chmod g+s
or chmod u+s if the user is not root.

Are there any security problems with this I haven't considered?
Brian May <bam@debian.org>
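An audit for the leftover set-GID binary described in the quoted reply, as an added example that is not part of the original message. It walks a tree such as /home and reports regular files that are set-GID to a group meant to be granted only at the console; the function names, the `trusted_uids` parameter and the command-line form are assumptions made for this sketch.

```python
import os
import stat
import sys


def is_group_leak(st, transient_gids, trusted_uids=(0,)):
    """True if st describes a set-GID executable that keeps a console-only group alive."""
    mode = st.st_mode
    return (stat.S_ISREG(mode)
            and bool(mode & stat.S_ISGID)
            # Linux only honours set-GID on exec when group-execute is also set.
            and bool(mode & stat.S_IXGRP)
            and st.st_gid in transient_gids
            and st.st_uid not in trusted_uids)


def find_group_leaks(root, transient_gids, trusted_uids=(0,)):
    """Walk root and return sorted (path, owner uid, gid) for every leaking file."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: judge the entry itself, never a symlink target
            except OSError:
                continue  # file vanished or is unreadable; skip it
            if is_group_leak(st, transient_gids, trusted_uids):
                hits.append((path, st.st_uid, st.st_gid))
    return sorted(hits)


if __name__ == "__main__":
    # Assumed usage: script.py ROOT GID [GID ...]
    # where each GID is a group handed out only for console logins.
    if len(sys.argv) < 3:
        sys.exit("usage: %s ROOT GID [GID ...]" % sys.argv[0])
    gids = {int(g) for g in sys.argv[2:]}
    for path, uid, gid in find_group_leaks(sys.argv[1], gids):
        print("set-GID to console group %d, owned by uid %d: %s" % (gid, uid, path))
```
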
