Red Hat Bugzilla – Bug 7641
login does not recognize pts/0 ... in securetty
Last modified: 2008-05-01 11:37:53 EDT
There does not appear to be any string which can be used in securetty which
will allow network root logins as documented. In previous versions, ttyp1,
... worked. In 6.1 (and 6.0 I think) a logged-in user shows, e.g., pts/1,
but using that string in securetty still does not permit a root login.
Removing securetty entirely does allow root login as documented. This
indicates that the problem is in fact in the interpretation of the file.
I've tried to fix this in pam-0.72-4 - a workaround in the meantime is to put
just the plain tty number (without the 'pts/' prefix) into /etc/securetty.
Putting anything other than local ttys in securetty is meaningless though,
because there is no guarantee that a particular individual or source host will
be assigned to a pty. The possibility is very real for anyone to deny you root
access, or alternatively gain root access themself. You'd at least avoid the DoS
attack by turning off securetty altogether.