On 05 Nov 2014 17:35, Geert Uytterhoeven wrote: > On Wed, Nov 5, 2014 at 4:49 PM, Mike Frysinger wrote: > >> > perhaps the default should be to not have an /etc/securetty at all ? if > >> > the > >> > system is configured to launch getty on a tty, then in today's world, it > >> > means > >> > it's a local device right ? if you have physical access to something, > >> > and know > >> > >> It may still be connected to a modem, waiting for incoming calls... > > > > how many of these systems legitimately exist anymore ? we shouldn't be > > handicapping the majority of users for an extreme edge case. if those > > people > > want to set up securetty, they can create the file themselves. > > > >> > the root password, what exactly is this protecting the system from ? > >> > >> /etc/securetty is not meant to prevent privileged people from getting in, > >> but to protect the system against eavesdropping on unsecure lines > >> (.e.g. out-of-the-building serial cables and modem lines). > > > > how does securetty prevent that ? you can log in as non-root and then > > sudo. or > > try and leverage a known security vuln to escalate that non-root account. > > any > > perceived security provided by securetty is an illusion. > > Ah, sudo is a recent invention ;-)
`su` isn't though, and i don't think `su` enforces securetty ? it's only at `login` time ? > But you're right, /etc/securetty has little value these days. i guess this is something we need to encourage each distro to do as i don't think the upstream shadow package already ships this behavior by default. i'll update Gentoo after i double check the behavior and see if anyone notices :). -mike
signature.asc
Description: Digital signature
