port-macppc: changing /etc/ttys

Subject: changing /etc/ttys
To: None <port-macppc@NetBSD.org>
From: Rui Paulo <rpaulo@fnop.net>
List: port-macppc
Date: 10/06/2005 13:38:43
--/WwmFnJnmDyWGHa4
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Hi,
While I was trying to fix PR security/31334 with John Nemet, I noticed
that it was only reproducable on my macppc, but not on other ports.
I found out that src/etc/etc.macppc/ttys is not right and breaks PAM
for logins via zstty.

1) when you try to login without a root password it seems PAM checks
   for the tty
2) but the "real" tty device is /dev/ttyZ0 and not /dev/tty00 which is
   just a symlink to /dev/ttyZ0 and so PAM prints a error message
   about that and doesn't let the user login.
3) if the "real" tty is listed in /etc/ttys and marked as secure, the
   login is sucessful.

So, I was thinking about changing /etc/ttys like this:
Index: ttys
===================================================================
RCS file: /cvsroot/src/etc/etc.macppc/ttys,v
retrieving revision 1.7
diff -u -p -r1.7 ttys
--- ttys        20 Jun 2004 21:30:27 -0000      1.7
+++ ttys        6 Oct 2005 12:40:04 -0000
@@ -6,11 +6,5 @@
 #
 console        "/usr/libexec/getty std.38400"  vt100   off secure
 ttyE0  "/usr/libexec/getty std.9600"   vt100   on secure
-tty00  "/usr/libexec/getty std.38400"  vt100   on secure
-tty01  "/usr/libexec/getty std.9600"   unknown off secure
-tty02  "/usr/libexec/getty std.9600"   unknown off secure
-tty03  "/usr/libexec/getty std.9600"   unknown off secure
-tty04  "/usr/libexec/getty std.9600"   unknown off secure
-tty05  "/usr/libexec/getty std.9600"   unknown off secure
-tty06  "/usr/libexec/getty std.9600"   unknown off secure
-tty07  "/usr/libexec/getty std.9600"   unknown off secure
+ttyZ0  "/usr/libexec/getty std.38400"  unknown on  secure
+ttyZ1  "/usr/libexec/getty std.38400"  unknown off secure

Because:
1) /dev/tty0[2-7] do not exist (at least on my "old-world" macppc)
2) /dev/ttyZ[0-1] should be listed instead of /dev/tty0[0-1]

Do you seen any problems with this change?

		-- Rui Paulo

--/WwmFnJnmDyWGHa4
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (NetBSD)

iD8DBQFDRRrTZPqyxs9FH4QRAlD0AJ9PQbISl+7mUP5T4BDfHGSD+fw+6gCguFdC
cxLJf2cBXkcrPfgzbsLkSDg=
=bVPK
-----END PGP SIGNATURE-----

--/WwmFnJnmDyWGHa4--