Re: recent gpm DoS issue
On Thu, Jul 27, 2000 at 11:56:03PM -0800, Ethan Benson wrote:
> pam_group is only relativly secure if your system is installed and
> configured a certain way:
Yup, some of that is mentioned in the documentation... nevertheless, it
would be a big improvement over making the socket world-writable.
Red Hat are using a pam_console module for this, here is an excerpt from
their advisory:
"For 6.x, the /dev/gpmctl ownership issue was addressed via the
pam_console helper mechanism. This pam module makes devices
which need to be accessible via console users owned by them and
no one else."
> what is gpmctl actually used for anyway?
I don't know exactly! ;) But here's what the gpm man page says:
/dev/gpmctl A control socket for clients
And the file only exists while gpm is running (it's removed when you
stop gpm) so I am guessing it is the socket through which clients read
mouse data.
Reply to: