[Pkg-cups-devel] Bug#385068: add some pam features
General Stone
generalstone at gmx.net
Tue Aug 29 14:16:33 UTC 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Roger Leigh wrote:
> I'm fairly sure that the PAM_TTY must be a terminal device. There
> might be security issues in using a "fake" TTY: that's a relative
> path, and so a "cups" "TTY" could be created in the CWD and
> potentially abused (for example, a hard or soft link to a real TTY).
> If there isn't a TTY, PAM_TTY should probably be left unset.
Yes, I was self confused about the function of these variable, but the
pam-modules (look at the sources) want be check if it was a TTY device
or not. The SSH server set the PAM_TTY variable to "ssh" and xdm set
the variable to ":0" or ":1", etc. The pam_access module themself
support these fake variables (see libpam-doc).
So I think there shouldn't be a problem if cupsd set the variable to
"cups" or "cupsys" or whatever.
- - Markus Nass
- --
Key fingerprint = DC3C 257C 2B71 8FA4 F609 F7F7 7C14 F806 5665 77FD
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Was nicht fliegen kann, kann auch nicht abstürzen.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFE9ExBfBT4BlZld/0RA/CoAJ9PG4F2d6om8NXtvMiVvHZnkLTwRwCdFiv0
YM8pBhiK1u5af1rwrLtfjE0=
=GHGE
-----END PGP SIGNATURE-----
More information about the Pkg-cups-devel
mailing list