[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#262507: ITP: resmgr -- resource manager library

Andrew Suffield <asuffield@debian.org> wrote:


>> I plan to have SANE built with resmgr support for Etch, and I hope
>> other applications will support resmgr too. It can make life a lot
>> easier, and changes to the code are really minimal.
> It is, however, a security hole; it's functionally equivalent to
> pam_console (which we declined to ship in the past) and has the same

It's a bit better than pam_console, however, which has a lot of

I uploaded to experimental to get some feedback on the possible
security issues/implications; I'm still trying to determine whether
there are holes (read: bigger holes than those which can exist with
other solutions) or not.

Could you point out the security issues you see in resmgr ?

I note that SuSE ships resmgr and has a couple of resmgr-enabled
applications. Of course, RedHat ships pam_console, so that's not a
point (and they're having a whole lot of problems with it, again).

> problems. As such it's not really an improvement in security over
> making devices group- or world-accessible.

It doesn't claim to be a more secure solution than fiddling with
ownership and permissions, only to be more convenient (and I tend to
think that it is).

> resmgr must not be enabled by default and should carry a big warning;
> you can only use it in scenarios where you would be willing to use
> pam_console.

As it is currently :
 - rsm_open_device() will fall back to a call to open() if resmgrd
   isn't available, so resmgr-enabled applications do not depend on
   resmgrd being up & running;
 - resmgrd isn't installed by default, you need to explicitly install
   it (no dependencies, only a Recommends that could be downgraded to
   a Suggests to avoid side-effects with some frontends to apt);
 - resmgrd won't be started until configured (no default config
   is shipped in the package, only an example config file);
 - you need to add pam_resmgr to your PAM config files by hand.

I will add the big blinking warning if/when it goes into unstable (if
there's a consensus against resmgr, I'll withdraw the ITP) if needed.

> (Why somebody bothered to implement resmgr instead of simply enhancing
> pam_console is beyond me; probably NIH)

If you haven't already, you might want to read

I'm still reviewing resmgr and I probably won't be done with it for
some more months (being low on free time). I won't upload to unstable
unless I'm sure it cannot harm and it isn't a gapping security hole.

The idea is to provide a tool to sysadmins who might want to use it,
and not something that works out of the box, with a half-broken
default config.

Thanks for your feedback,


 Julien BLACHE - Debian & GNU/Linux Developer - <jblache@debian.org> 
 Public key available on <http://www.jblache.org> - KeyID: F5D6 5169 
 GPG Fingerprint : 935A 79F1 C8B3 3521 FD62 7CC7 CD61 4FD7 F5D6 5169 

Reply to: