[Pkg-cups-devel] Bug#385068: add some pam features
Roger Leigh
rleigh at whinlatter.ukfsn.org
Tue Aug 29 08:31:20 UTC 2006
General Stone <generalstone at gmx.net> writes:
> Package: cupsys
> Version: 1.2.2-1
> Severity: wishlist
> Tags: patch
>
> Please add these pam features:
>
> 1) pam_set_item(pamh, PAM_TTY, "cups")
> -----------------------------------
> Need by some pam-modules which need the 'tty' variable, like
> pam_group, pam_access, pam_time, etc.
I'm fairly sure that the PAM_TTY must be a terminal device. There
might be security issues in using a "fake" TTY: that's a relative
path, and so a "cups" "TTY" could be created in the CWD and
potentially abused (for example, a hard or soft link to a real TTY).
If there isn't a TTY, PAM_TTY should probably be left unset.
Regards,
Roger
--
.''`. Roger Leigh
: :' : Debian GNU/Linux http://people.debian.org/~rleigh/
`. `' Printing on GNU/Linux? http://gutenprint.sourceforge.net/
`- GPG Public Key: 0x25BFB848 Please GPG sign your mail.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 188 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-cups-devel/attachments/20060829/0b54db07/attachment.pgp
More information about the Pkg-cups-devel
mailing list