Re: [CHANGE PROPOSAL] The securetty file is empty by default

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 9 Apr 2014, Chris Adams wrote:

Once upon a time, Matthew Miller <mattdm@xxxxxxxxxxxxxxxxx> said:
On Wed, Apr 09, 2014 at 10:20:36PM +0200, Lennart Poettering wrote:
[technical reasoning snipped]
Hence: please let's just remove securetty entirely from the default PAM
stacks. It's annoying, it creates a false sense of security, it's a
relict of a different time and not compatible with modern device
management, hotplug, containers, and so on!

That makes sense to me. And unlike tcpwrappers, it's just a runtime config
file change to put back for cases where it's wanted.

Yeah, I think that's a decent way forward.  AFAIK the securetty thing
right now only affects console terminals

As long as it does not lock out root from kvm/uml console/serial logins.

Paul
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux