Re: pam_console for debian
On Wed, Jul 24, 2002 at 11:58:27PM +0200, Bas Zoetekouw wrote:
> > One solution is to use pam_group to add a user to a special, and
> > usually empty, group if he's logged on the :0 display.
>
> That makes no sense. User logs in behind the console, and is put in the
> group. User makes a g+s zsh-with-camera-access binary and puts it in
> ~/bin. After that, he'll always have access to the camera.
Come to think of it, this would be easy to solve in SE-Linux simply by
disallowing Set-GID operations in user created scripts. In fact, this
should already be the default.
Another solution would be to hack the kernel to disallow chmod g+s
or chmod u+s if the user is not root.
Are there any security problems with this I haven't considered?
--
Brian May <bam@debian.org>
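
Added example, not part of the original message: an audit for the leftover the quoted reply describes, a set-GID executable owned by an ordinary user whose group is one that pam_group hands out at the console. The gid 44 and the function names are assumptions made for illustration; files on a nosuid mount are skipped because the kernel ignores the set-GID bit there.

```python
import os
import stat
import sys

# Assumption: gids that pam_group grants to console users (constructed value).
DEVICE_GIDS = {44}


def is_leftover_grant(mode, uid, gid, device_gids, nosuid=False):
    """True if running this file would hand its caller a console-only group."""
    return bool(
        stat.S_ISREG(mode)
        and mode & stat.S_ISGID      # set-GID bit present
        and mode & stat.S_IXGRP      # set-GID only takes effect with group execute
        and uid != 0                 # created by an ordinary user, not the admin
        and gid in device_gids       # group is one of the console-granted ones
        and not nosuid               # a nosuid mount makes the bit ineffective
    )


def audit(root, device_gids):
    """Walk root and return paths of user-owned set-GID files in device groups."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        try:
            nosuid = bool(os.statvfs(dirpath).f_flag & os.ST_NOSUID)
        except OSError:
            continue
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks out of the tree
            except OSError:
                continue
            if is_leftover_grant(st.st_mode, st.st_uid, st.st_gid,
                                 device_gids, nosuid):
                hits.append(path)
    return hits


if __name__ == "__main__":
    for hit in audit(sys.argv[1] if len(sys.argv) > 1 else "/home", DEVICE_GIDS):
        print(hit)
```
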