Bugzilla – Full Text Bug Listing
Summary: | Please add "pam_keyinit.so" to the /etc/pam.d/ppp configuration file | ||
---|---|---|---|
Product: | [openSUSE] openSUSE Tumbleweed | Reporter: | Josef Möllers <josef.moellers> |
Component: | Basesystem | Assignee: | Reinhard Max <max> |
Status: | RESOLVED INVALID | QA Contact: | E-mail List <qa-bugs> |
Severity: | Normal | ||
Priority: | P5 - None | CC: | alynx.zhou, security-team |
Version: | Current | ||
Target Milestone: | Current | ||
Hardware: | All | ||
OS: | openSUSE Factory | ||
Whiteboard: | |||
Found By: | --- | Services Priority: | |
Business Priority: | | Blocker: | --- |
Marketing QA Status: | --- | IT Deployment: | --- |
Description
Josef Möllers
2019-08-02 15:08:58 UTC
Changed codestream to TW where it belongs.

ping! Any progress?

Not sure if including pam_keyinit is actually needed or desirable for ppp. Maybe the security team can help us to clarify this.

I currently have a hard time thinking if kernel keyrings are needed by PAM.

(In reply to Marcus Meissner from comment #4)
> I currently have a hard time thinking if kernel keyrings are needed by PAM.

I agree that I haven't seen them in free wilderness yet, but I think it's one of the Next Great Things! Somebody has to make sure that when you "log in", one way or the other, and may need access to the key in the new user's keyring, the keyring is properly set up. It's not PAM who needs the keyring (more important, the keys attached) but the processes that run under the new user's UID. Just my 2€ct!

AFAIU pam_keyinit is (also) needed to keep user processes from inheriting access to keyrings from the systemd process running under root even if neither PAM nor the user process are using kernel keyrings themselves. But I am not sure whether or not this is relevant for the pppd case compared to programs that fall into the login category.

Any progress?

ping! Any progress?

After some more research: ppp doesn't need pam_keyinit, so closing this bug as INVALID.
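
Added example, not part of the bug report or of any openSUSE package: a small Python check that resolves each PAM service's session stack (following `include`/`substack`) and lists the services that never reach pam_keyinit.so. The service file contents are constructed, and `parse_rules`, `session_modules` and `services_without_keyinit` are names chosen for this example; whether a missing entry matters is a per-service decision, as this bug's resolution shows.

```python
import re

# type, control (simple word or [bracketed] form), module, optional arguments
RULE = re.compile(r"^-?(auth|account|password|session)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse_rules(text):
    """Return (type, control, module, args) tuples for one pam.d service file."""
    rules = []
    text = text.replace("\\\n", " ")          # backslash-newline continues a rule
    for line in text.splitlines():
        match = RULE.match(line.split("#", 1)[0].strip())   # drop comments
        if match:
            rules.append(match.groups())
    return rules

def session_modules(service, files, stack=()):
    """List the session modules a service runs, following include/substack."""
    if service in stack or service not in files:   # include loop or missing file
        return []
    modules = []
    for rtype, control, module, _args in parse_rules(files[service]):
        if rtype != "session":
            continue
        if control in ("include", "substack"):
            modules += session_modules(module, files, stack + (service,))
        else:
            modules.append(module.rsplit("/", 1)[-1])   # module may be a full path
    return modules

def services_without_keyinit(files, services):
    return sorted(s for s in services
                  if "pam_keyinit.so" not in session_modules(s, files))

# Constructed sample files, not copied from any distribution package.
SAMPLE = {
    "login": "#%PAM-1.0\nauth include common-auth\n"
             "session optional pam_keyinit.so force revoke\n"
             "session include common-session\n",
    "ppp": "#%PAM-1.0\nauth required pam_nologin.so\n"
           "auth include common-auth\nsession include common-session\n",
    "common-auth": "auth required pam_unix.so\n",
    "common-session": "session required pam_limits.so\n"
                      "session required pam_unix.so try_first_pass\n"
                      "-session optional \\\n  pam_systemd.so  # constructed\n",
}

if __name__ == "__main__":
    print(services_without_keyinit(SAMPLE, ["login", "ppp"]))
```

To run it against a real system, build the `files` dictionary from the contents of /etc/pam.d, keyed by file name.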