
Re: Patch 5: Securetty Module



johnsonm@redhat.com (Michael K. Johnson)  wrote on 30.07.96 in <199607301458.KAA12939@tristan.redhat.com>:

> Securetty works *very* well as a separate module.  Red Hat Linux will ship
> with securetty checking turned on for all in.r* services by default, and
> people who want to enable root access to in.r* services can do so by
> modifying their pam.conf files.

However, it has a serious problem.

> +     if(strcmp("root",username)) /* If the user is not root,
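
Review bot: the condition `if(strcmp("root",username))` decides on the login name, so whether the securetty restriction applies depends on what the account is called rather than on its uid. Suggest resolving the name (for example with getpwnam()) and testing `pw_uid == 0`, with an explicit decision for the case where the lookup fails. As a style point, writing the test as `strcmp("root",username) != 0` would make the code read the same way as its "not root" comment.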

This check is wrong.

You don't want to block a user named "root", you want to block a user with  
id 0.

There are lots of systems that have different names for this user, and
there are even some where the traditional name is a user without
privileges.


Regards, Kai
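
An added example, not part of the original post or of the patch under discussion: it contrasts the name-based test from the quoted line with a uid-based one on accounts where the two disagree. The account table, `sample_getpwnam`, both function names and the choice to apply the tty check when the lookup fails are assumptions of this example.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Constructed sample accounts: a uid-0 alias and an unprivileged "root". */
static struct passwd sample_accounts[] = {
    { .pw_name = "toor",  .pw_uid = 0    },
    { .pw_name = "root",  .pw_uid = 1000 },
    { .pw_name = "alice", .pw_uid = 1001 },
};

/* Hypothetical stand-in with the same shape as getpwnam(3). */
struct passwd *sample_getpwnam(const char *name)
{
    size_t n = sizeof sample_accounts / sizeof sample_accounts[0];
    for (size_t i = 0; i < n; i++)
        if (strcmp(sample_accounts[i].pw_name, name) == 0)
            return &sample_accounts[i];
    return NULL;
}

typedef struct passwd *(*pw_lookup_fn)(const char *);

/* Name-based test, as in the quoted line: 1 if the tty check is applied. */
int tty_check_by_name(const char *username)
{
    return strcmp("root", username) == 0;
}

/* uid-based test: 1 if the tty check is applied. Missing or unknown
 * names also get the check (fail closed, an assumption of this example). */
int tty_check_by_uid(const char *username, pw_lookup_fn lookup)
{
    if (username == NULL || *username == '\0')
        return 1;
    struct passwd *pw = lookup(username);
    if (pw == NULL)
        return 1;
    return pw->pw_uid == 0;
}

int main(int argc, char **argv)
{
    /* Stand-alone use: consult the real account database via getpwnam(3). */
    const char *user = argc > 1 ? argv[1] : "root";
    printf("%s: tty check %s\n", user,
           tty_check_by_uid(user, getpwnam) ? "applied" : "skipped");
    return 0;
}
```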


