Subject: Re: changing /etc/ttys
To: Rui Paulo <rpaulo@fnop.net>
From: Chris Tribo <ctribo@dtcc.edu>
List: port-macppc
Date: 10/06/2005 08:53:47 
Getty and login don't like having symlinked device names either as  
they seem to handle them differently, this was a problem before PAM,  
so anything that makes it work sounds good to me!

Chris

On Oct 6, 2005, at 8:38 AM, Rui Paulo wrote:

> Hi,
> While I was trying to fix PR security/31334 with John Nemet, I noticed
> that it was only reproducable on my macppc, but not on other ports.
> I found out that src/etc/etc.macppc/ttys is not right and breaks PAM
> for logins via zstty.
>
> 1) when you try to login without a root password it seems PAM checks
>    for the tty
> 2) but the "real" tty device is /dev/ttyZ0 and not /dev/tty00 which is
>    just a symlink to /dev/ttyZ0 and so PAM prints a error message
>    about that and doesn't let the user login.
> 3) if the "real" tty is listed in /etc/ttys and marked as secure, the
>    login is sucessful.
>
> So, I was thinking about changing /etc/ttys like this:
> Index: ttys
> ===================================================================
> RCS file: /cvsroot/src/etc/etc.macppc/ttys,v
> retrieving revision 1.7
> diff -u -p -r1.7 ttys
> --- ttys        20 Jun 2004 21:30:27 -0000      1.7
> +++ ttys        6 Oct 2005 12:40:04 -0000
> @@ -6,11 +6,5 @@
>  #
>  console        "/usr/libexec/getty std.38400"  vt100   off secure
>  ttyE0  "/usr/libexec/getty std.9600"   vt100   on secure
> -tty00  "/usr/libexec/getty std.38400"  vt100   on secure
> -tty01  "/usr/libexec/getty std.9600"   unknown off secure
> -tty02  "/usr/libexec/getty std.9600"   unknown off secure
> -tty03  "/usr/libexec/getty std.9600"   unknown off secure
> -tty04  "/usr/libexec/getty std.9600"   unknown off secure
> -tty05  "/usr/libexec/getty std.9600"   unknown off secure
> -tty06  "/usr/libexec/getty std.9600"   unknown off secure
> -tty07  "/usr/libexec/getty std.9600"   unknown off secure
> +ttyZ0  "/usr/libexec/getty std.38400"  unknown on  secure
> +ttyZ1  "/usr/libexec/getty std.38400"  unknown off secure
>
> Because:
> 1) /dev/tty0[2-7] do not exist (at least on my "old-world" macppc)
> 2) /dev/ttyZ[0-1] should be listed instead of /dev/tty0[0-1]
>
> Do you seen any problems with this change?
>
>         -- Rui Paulo
> !DSPAM:43451b92308201587110055!