[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Pkg-shadow-devel] pam_securetty failure for unknown users on secure ttys



Hello,

On Sun, Jun 15, 2008 at 10:18:23AM +0200, kukuk suse de wrote:
> On Sat, Jun 14, Nicolas François wrote:
> 
> > What was the rational for changing the return value from PAM_IGNORE to
> > PAM_USER_UNKNOWN?
> 
> Assume root mistypes his account name, pam_securetty would return
> PAM_IGNORE, next module would allow root to correct the user name
> and root is able to login on a insecure tty.

I agree that unknown users should be considered as root.
But on a secure tty, root is allowed to proceed and provide her
authentication token.
On a secure tty, an unknown user should also be allowed, as root, to
provide an authentication token (which will be rejected by other modules).

On an insecure tty, an unknown user should of course be considered as
root, and be denied.

> > (BTW the pam_securetty's manpage needs an update)
> 
> Please make a bug report on sf.net for this, so it does not go lost.

Done.

> > I would prefer that pam_securetty fails only if the tty is not secure and
> > the user is root or unknown.
> 
> I fail to see the difference to the current behavior. With your suggestion,
> an attacker can also find simple out if the account exists or not.

Agreed in case of an insecure tty.
But the information will be hidden for login attempts on secure ttys.

Best Regards,
-- 
Nekral


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]