Cristian Rodríguez wrote:
While testing kmscon, I noticed that, by default it is impossible to login as root. kmscon simple invokes login(1) binary which in interfaces with PAM module pam_securetty that checks for "secure ttys" in /etc/securetty which lists the permitted devices as a whitelist..but kmscon does not use the tty(4) but pts(4) and /dev/pts/* devices are not in the list.
While I think this "whitelist" is a pretty arcane and ugly way to control access, I'm looking for feedback on how to make this stuff work without having to manually extend the whitelist (and therefore perpetuating the false sense of security it provides) AND not breaking the old way.
Does anyone have any feedback on how to "bypass" this list programatically ?
According to the documentation pam_securetty is supposed to allow access from the currently active console. I suppose kmscon somehow needs to have the notion of an active console as well. So it needs to communicate that to the kernel to reflect it in /sys/class/tty/console/active. Alternatively pam_securetty could be patched to support kmscon directly. cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org