On Wed, 09.04.14 22:20, Lennart Poettering (mzerqung@xxxxxxxxxxx) wrote:

> This sounds entirely backwards, and I'd instead vote for removing
> securetty from the PAM stacks we ship altogether. The concept is
> outdated. It was useful in a time where the primary way to access a
> server was via physically attached TTY devices. But that time is mostly
> over...
>
> Nowadays the device names exposed by the kernel tend to be dynamically
> assigned, they should not be assumed stable (with one exception, classic
> UART 16650 serial ports). Stable paths for these devices we add in via
> symlinks these days, using /dev/*/by-path/, /dev/*/by-id/, -- as you
> might know from disk devices. Now, the securetty logic is unable to
> verify things using these symlinks, hence the entire concept is
> flawed. It will use an unstable device name instead, making it mostly
> useless in hotplug scenarios.
>
> securetty is particularly annoying when we use containers. Tools like
> "machinectl login" will dynamically spawn a getty for you on a pts
> device in the container, but since pts is not listed in securetty you
> cannot log in as root by default. And you cannot even add a wildcard
> match of pts/* to it, to make this work nicely.
>
> Hence: please let's just remove securetty entirely from the default PAM
> stacks. It's annoying, it creates a false sense of security, it's a
> relic of a different time and not compatible with modern device
> management, hotplug, containers, and so on!

To clarify this: while I believe dropping securetty from the default PAM
config is the right thing to do, I am not volunteering to do it. But I'd
love to see somebody pick this up!

Lennart

-- 
Lennart Poettering, Red Hat

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
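The three objections in the message above (no symlink resolution, unstable hotplug names, no `pts/*` wildcard) all follow from the way pam_securetty compares names. As an added illustration, not code from the thread or from Linux-PAM, here is a simplified POSIX shell model of that comparison; the /etc/securetty content and the by-id device name are constructed for the demo, and the model omits pam_securetty's console special cases.

```sh
#!/bin/sh
# Simplified model of the pam_securetty check (added example, not Linux-PAM
# code): the login tty name (PAM_TTY) has any leading "/dev/" stripped and
# must then match one line of /etc/securetty verbatim. Everything else the
# thread complains about falls out of that literal comparison.
set -u

# Constructed stand-in for /etc/securetty; not any distribution's shipped file.
SECURETTY_SAMPLE='console
tty1
tty2
ttyS0
ttyUSB0
pts/*'

# securetty_allows TTY [SECURETTY_CONTENT]  -> exit 0 if root login is allowed
securetty_allows() {
    tty="${1#/dev/}"                      # "/dev/tty1" and "tty1" are the same
    content="${2:-$SECURETTY_SAMPLE}"
    # grep -F -x: fixed string, whole line. "pts/*" in the file is therefore
    # just a literal five-character line, never a glob over pty names.
    printf '%s\n' "$content" | grep -Fxq -- "$tty"
}

# Run the cases from the thread and return a compact result string, so the
# outcome can be checked rather than only printed.
securetty_report() {
    out=""
    # ttyUSB1: the same adapter after a re-plug got a different kernel name.
    # serial/by-id/...: constructed stable symlink name; never matched because
    # the check compares text and does not resolve symlinks.
    for t in tty1 /dev/ttyS0 pts/0 'pts/*' ttyUSB0 ttyUSB1 \
             serial/by-id/usb-FTDI_FT232R_USB_UART_A1B2C3-if00-port0; do
        if securetty_allows "$t"; then r=allow; else r=deny; fi
        out="${out}${t}=${r};"
    done
    printf '%s' "$out"
}

securetty_report
echo
```

Only a tty literally named `pts/*` would be accepted by the wildcard line, which is why the container getty on `pts/0` is denied while the stable by-id path fails even though it points at the listed `ttyS0`-style device.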