Andrew Suffield <[EMAIL PROTECTED]> wrote:

Hi,

>> I plan to have SANE built with resmgr support for Etch, and I hope
>> other applications will support resmgr too. It can make life a lot
>> easier, and changes to the code are really minimal.
>
> It is, however, a security hole; it's functionally equivalent to
> pam_console (which we declined to ship in the past) and has the same

It's a bit better than pam_console, however, which has a lot of
issues. I uploaded to experimental to get some feedback on the possible
security issues/implications; I'm still trying to determine whether
there are holes (read: bigger holes than those which can exist with
other solutions) or not.

Could you point out the security issues you see in resmgr?

I note that SuSE ships resmgr and has a couple of resmgr-enabled
applications. Of course, RedHat ships pam_console, so that's not a
point (and they're having a whole lot of problems with it, again).

> problems. As such it's not really an improvement in security over
> making devices group- or world-accessible.

It doesn't claim to be a more secure solution than fiddling with
ownership and permissions, only to be more convenient (and I tend to
think that it is).

> resmgr must not be enabled by default and should carry a big warning;
> you can only use it in scenarios where you would be willing to use
> pam_console.

As it is currently:
 - rsm_open_device() will fall back to a call to open() if resmgrd
   isn't available, so resmgr-enabled applications do not depend on
   resmgrd being up & running;
 - resmgrd isn't installed by default, you need to explicitly install
   it (no dependencies, only a Recommends that could be downgraded to a
   Suggests to avoid side-effects with some frontends to apt);
 - resmgrd won't be started until configured (no default config is
   shipped in the package, only an example config file);
 - you need to add pam_resmgr to your PAM config files by hand.

I will add the big blinking warning if/when it goes into unstable (if
there's a consensus against resmgr, I'll withdraw the ITP) if needed.

> (Why somebody bothered to implement resmgr instead of simply enhancing
> pam_console is beyond me; probably NIH)

If you haven't already, you might want to read
<http://rechner.lst.de/~okir/resmgr/description.html>

I'm still reviewing resmgr and I probably won't be done with it for
some more months (being low on free time). I won't upload to unstable
unless I'm sure it cannot harm and it isn't a gaping security hole.

The idea is to provide a tool to sysadmins who might want to use it,
and not something that works out of the box, with a half-broken default
config.

Thanks for your feedback,

JB.

-- 
Julien BLACHE - Debian & GNU/Linux Developer - <[EMAIL PROTECTED]>
Public key available on <http://www.jblache.org> - KeyID: F5D6 5169
GPG Fingerprint : 935A 79F1 C8B3 3521 FD62 7CC7 CD61 4FD7 F5D6 5169