-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Roger Leigh wrote: > I'm fairly sure that the PAM_TTY must be a terminal device. There > might be security issues in using a "fake" TTY: that's a relative > path, and so a "cups" "TTY" could be created in the CWD and > potentially abused (for example, a hard or soft link to a real TTY). > If there isn't a TTY, PAM_TTY should probably be left unset.
Yes, I was self confused about the function of these variable, but the pam-modules (look at the sources) want be check if it was a TTY device or not. The SSH server set the PAM_TTY variable to "ssh" and xdm set the variable to ":0" or ":1", etc. The pam_access module themself support these fake variables (see libpam-doc). So I think there shouldn't be a problem if cupsd set the variable to "cups" or "cupsys" or whatever. - - Markus Nass - -- Key fingerprint = DC3C 257C 2B71 8FA4 F609 F7F7 7C14 F806 5665 77FD ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Was nicht fliegen kann, kann auch nicht abstürzen. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE9ExBfBT4BlZld/0RA/CoAJ9PG4F2d6om8NXtvMiVvHZnkLTwRwCdFiv0 YM8pBhiK1u5af1rwrLtfjE0= =GHGE -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
