On Wed, Nov 5, 2014 at 4:49 PM, Mike Frysinger <[email protected]> wrote:
>> > perhaps the default should be to not have an /etc/securetty at all ? if
>> > the
>> > system is configured to launch getty on a tty, then in today's world, it
>> > means
>> > it's a local device right ? if you have physical access to something, and
>> > know
>>
>> It may still be connected to a modem, waiting for incoming calls...
>
> how many of these systems legitimately exist anymore ? we shouldn't be
> handicapping the majority of users for an extreme edge case. if those people
> want to set up securetty, they can create the file themselves.
>
>> > the root password, what exactly is this protecting the system from ?
>>
>> /etc/securetty is not meant to prevent privileged people from getting in,
>> but to protect the system against eavesdropping on unsecure lines
>> (.e.g. out-of-the-building serial cables and modem lines).
>
> how does securetty prevent that ? you can log in as non-root and then sudo.
> or
> try and leverage a known security vuln to escalate that non-root account. any
> perceived security provided by securetty is an illusion.
Ah, sudo is a recent invention ;-)
But you're right, /etc/securetty has little value these days.
Gr{oetje,eeting}s,
Geert
--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- [email protected]
In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
