On Wed, 17 Apr 2013 00:40, Cristian Rodríguez <crrodriguez@...> wrote:
El 16/04/13 05:07, Yamaban escribió: [snip]
ATM kmscon is a very fresh child in terms of programming, and subject to change, so IMHO it would be the best to rise this issue with the programmers of kmscon directly and ask for ideas.
It was already risen there,this has nothing to do with the kmscon code, it does nothing with pam, it does no authentication/autorization, it invokes "login" that's all.
The question is why does kmscon use pts instead of tty. Is there a deeper cause (e.g. code quality inside kernel), or what was the driving thought? Are the aware of the shit storm due to login / pam that is coming? OTOH login and pam could do with an overhaul on the matter. The pure concept behind securetty is more than simply fishy. No, my thought behind rising the matter upstream is: To make sure all players (kmscon / login / pam) get their asses in gear BEFORE the fallout hits the masses / users via a misconfigured distro / packages. Early warning, and all that. A system where root can not log in during a boot with "single" or "emergency" target is a failure from the start.
OTOH kick this issue to the RedHat sec-team and watch the firework.
what has redhat to do this ?
Notice: where do Kai and Lennert work? Who wants for 'force' kmscon on the users before it's really ready (see above)? Let them handle the issue "inhouse" first. I had some ill feelings about their April first jokes, let them handle the fallout first has something poetic about "Karma", as I said, vidictive, I know. - Yamaban.