Bug 7641

Summary: login does not recognize pts/0 ... in securetty
Product: [Retired] Red Hat Linux Reporter: dlm
Component: util-linuxAssignee: Crutcher Dunnavant <crutcher>
Status: CLOSED RAWHIDE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 6.1   
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2000-02-04 00:07:01 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description dlm 1999-12-06 22:29:20 UTC 
There does not appear to be any string which can be used in securetty which
will allow network root logins as documented.  In previous versions, ttyp1,
... worked.  In 6.1 (and 6.0 I think) a logged-in user shows, e.g., pts/1,
but using that string in securetty still does not permit a root login.

Removing securetty entirely does allow root login as documented.  This
indicates that the problem is in fact in the interpretation of the file.
Comment 1 Elliot Lee 2000-02-04 00:07:59 UTC 
I've tried to fix this in pam-0.72-4 - a workaround in the meantime is to put
just the plain tty number (without the 'pts/' prefix) into /etc/securetty.

Putting anything other than local ttys in securetty is meaningless though,
because there is no guarantee that a particular individual or source host will
be assigned to a pty. The possibility is very real for anyone to deny you root
access, or alternatively gain root access themself. You'd at least avoid the DoS
attack by turning off securetty altogether.