Re: Security warnings from pam_securetty?

To: Svante Signell <svante.signell@telia.com>
Cc: debian-user@lists.debian.org
Subject: Re: Security warnings from pam_securetty?
From: Brian Brazil <bbrazil@netsoc.tcd.ie>
Date: Tue, 20 Apr 2004 12:14:52 +0100
Message-id: <[🔎] 20040420111452.GA22010@matrix.netsoc.tcd.ie>
Mail-followup-to: Svante Signell <svante.signell@telia.com>, debian-user@lists.debian.org
In-reply-to: <[🔎] 1082401033.3819.8.camel@em2.my.own.domain>
References: <[🔎] 1082401033.3819.8.camel@em2.my.own.domain>

On Mon, Apr 19, 2004 at 08:57:13PM +0200, Svante Signell wrote:
> I find these messages in my logfiles. What has changed recently?
> The access to the tty devices is crw-rw---- and owned by root.tty.
> 
> sshd[4196]: (pam_securetty) access denied: tty 'ssh' is not secure !
> xscreensaver: (pam_securetty) access denied: tty ':0.0' is not secure !

The purpose of securetty is to ensure that root can only login from
terminals(normally only the console) to prevent dangerous logins e.g. 
login via telnet. It has nothing to do with permissions (if you are root
they don't exacly matter anyway).

See: 
/etc/securetty 
man 5 securetty
/etc/pam.d
man 7 pam

I'd suggest removing the pam_securetty lines from pam.d/ssh and
xscreensaver. I can't think of any security problems to that off the top
of my head.

> Please cc: me since I'm not subscribed to the list.
Done

Brian

Reply to:

References:
- Security warnings from pam_securetty?
  - From: Svante Signell <svante.signell@telia.com>

Prev by Date: usb cd-writer
Next by Date: Re: usb cd-writer
Previous by thread: Security warnings from pam_securetty?
Next by thread: Re: Security warnings from pam_securetty?
Index(es):
- Date
- Thread