See the summary. Giving the user lots of ownership of devices if he/she logs on at the console is currently a BAD security issue. The user can hold open fd's to the resource after they log out. This may allow for snooping. The problem will be fixed in the future when Linux gets a revoke() system call I think the console.perms is a great piece of work and makes Redhat easy to use - but for security reasons it should probably default to OFF. Discussions welcome :-)
This issue has been forwarded to a developer for further action.
assigned to johnsonm. I still have to see an exploit coming out of somebody snooping on my sound card, but nevertheless, one can never have too much security.
It will remain enabled by default. Users with physical access to the machine can do all sorts of other things to compromise the system, and because some of the guards against that are completely out of our control (for example, bios passwords, locked cases, etc.), it makes sense not to defend heavily against subtle attacks by users with physical access by default. We do explain, for those who wish to secure their machines physically, how to turn this service off. We do so in our manual, in the online documentation, and in a white paper on our website; in short, every documentation avenue we have open to us. When we have revoke(), I'll gladly look at putting it into the pam_console close_session, but defaulting to a hard-to-use system for no improvement in security (either practically or theoretically) is not an improvement at all.