FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Development

 
 
LinkBack Thread Tools
 
Old 01-09-2008, 11:20 PM
Bernardo Innocenti
 
Default PATCH: add --loginpause to mingetty

Hello Florian,

the attached patches add an option to pause login until the user hits
a key.

We need something like it on OLPC because:

- we don't want to set an empty password for either user root or olpc

- at the same time, we want to allow users to login as root at the
console

- finally, we do not wish to waste memory on shells the user hasn't
yet used

The security model we are implementing is very different from UNIX: we
ultimately trust the user at the console, but we don't trust applications
and we don't want them to gain root privileges using su or sudo with no
password.

I'm committing these changes to the OLPC-2 branch of mingetty in
Fedora CVS. Please, let me know you'd like to merge them or
something similar.

--
\___/
|___| Bernardo Innocenti - http://www.codewiz.org/
\___ One Laptop Per Child - http://www.laptop.org/
--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 
Old 01-10-2008, 12:27 PM
Lubomir Kundrak
 
Default PATCH: add --loginpause to mingetty

On Wed, 2008-01-09 at 19:20 -0500, Bernardo Innocenti wrote:
> Hello Florian,
>
> the attached patches add an option to pause login until the user hits
> a key.
>
> We need something like it on OLPC because:
>
> - we don't want to set an empty password for either user root or olpc
>
> - at the same time, we want to allow users to login as root at the
> console
>
> - finally, we do not wish to waste memory on shells the user hasn't
> yet used
>
> The security model we are implementing is very different from UNIX: we
> ultimately trust the user at the console, but we don't trust applications
> and we don't want them to gain root privileges using su or sudo with no
> password.
>
> I'm committing these changes to the OLPC-2 branch of mingetty in
> Fedora CVS. Please, let me know you'd like to merge them or
> something similar.

Such things are definitely better upstreamed if possible. Have you tried
contacting upstream?

Thanks,
--
Lubomir Kundrak (Red Hat Security Response Team)

--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 
Old 01-10-2008, 03:14 PM
Bill Nottingham
 
Default PATCH: add --loginpause to mingetty

Lubomir Kundrak (lkundrak@redhat.com) said:
> > I'm committing these changes to the OLPC-2 branch of mingetty in
> > Fedora CVS. Please, let me know you'd like to merge them or
> > something similar.
>
> Such things are definitely better upstreamed if possible. Have you tried
> contacting upstream?

Florian is upstream, IIRC.

Bill

--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 
Old 01-10-2008, 03:18 PM
Florian La Roche
 
Default PATCH: add --loginpause to mingetty

On Thu, Jan 10, 2008 at 11:14:00AM -0500, Bill Nottingham wrote:
> Lubomir Kundrak (lkundrak@redhat.com) said:
> > > I'm committing these changes to the OLPC-2 branch of mingetty in
> > > Fedora CVS. Please, let me know you'd like to merge them or
> > > something similar.
> >
> > Such things are definitely better upstreamed if possible. Have you tried
> > contacting upstream?
>
> Florian is upstream, IIRC.



Hello Bernardo Innocenti,

I've refused to add many other feature requests and AFAIK we do have
quite a few forks of mingetty now available.

But I think the downscaling side of Linux is pretty important, from
small machines up to larges ones with virtualization. ;-)

I'll have a look around at other patches floating around and generate
another upstream release with these posted ones here. They look sane
to me.

Thanks a lot,

Florian La Roche

--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 

Thread Tools




All times are GMT. The time now is 02:45 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org