* PATCH: drivers/char/vt.c allows virtually locking up nonnetworked machine
From: Rudolf Polzer @ 2001-06-30 21:10 UTC (permalink / raw)
To: torvalds; +Cc: linux-kernel
There is a problem concerning chvt. A normal user can run a
bash$ while [ 1 ]; do chvt 11; done
which cannot be killed using the console (only remotely, virtually never
on a nonnetworked multiuser machine). So I changed the kernel source code
so that only the superuser may change terminals.
Since renaming/deleting chvt is no solution (chvt is a simple ioctl call),
it seems to be the simplest way to prevent this. Console switching
using Ctrl-Alt-Fkey still works, as well as X, so probably there are
no implications in most cases.
But, since this may be too restrictive for some applications, I would
recommend making this a configuration option. Unfortunately I do not
know how to do this :(
--- drivers/char/vt.c.orig Mon Jun 25 09:00:28 2001
+++ drivers/char/vt.c Sat Jun 30 23:02:56 2001
@@ -435,10 +435,16 @@
/*
* To have permissions to do most of the vt ioctls, we either have
- * to be the owner of the tty, or super-user.
+ * to be the owner of the tty, or super-user. Only the superuser
+ * if you want added security.
+ */
+
+ /*
+ * disable a security hole, therefore the first check is commented
+ * out!
*/
perm = 0;
- if (current->tty == tty || suser())
+ if (/* current->tty == tty || */ suser())
perm = 1;
kbd = kbd_table + console;
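Review bot: commenting out `current->tty == tty` drops the owner check for everything `perm` guards, which the comment above this hunk describes as "most of the vt ioctls", not only the console switch that chvt performs; an unprivileged owner of the tty would lose all of those ioctls as a side effect. If the intent is to restrict console switching, gate only that ioctl, and do it under a configuration option as the cover letter itself proposes, rather than leaving the original condition as dead code inside a comment. The second added comment block ("disable a security hole, therefore the first check is commented out!") should then go as well, since the first comment already states the permission rule and the code should simply match it.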
* Re: PATCH: drivers/char/vt.c allows virtually locking up nonnetworked machine
From: Guest section DW @ 2001-06-30 22:53 UTC (permalink / raw)
To: Rudolf Polzer, torvalds; +Cc: linux-kernel
On Sat, Jun 30, 2001 at 11:10:40PM +0200, Rudolf Polzer wrote:
> There is a problem concerning chvt. A normal user can run a
>
> bash$ while [ 1 ]; do chvt 11; done
>
> which cannot be killed using the console (only remotely, virtually never
> on a nonnetworked multiuser machine). So I changed the kernel source code
> so that only the superuser may change terminals.
The person at the console on a nonnetworked machine
can make life difficult for himself in a great variety of ways.
(E.g., try running
#include <signal.h>
/* ignore every signal that can be ignored, then spin forever */
int main(void){int i;for(i=1; i<32; i++)signal(i,SIG_IGN); while(1);}
on all VTs.)
It would not increase security when root privileges were needed
in all such cases.
Andries
* Re: PATCH: drivers/char/vt.c allows virtually locking up nonnetworked machine
From: Dan Podeanu @ 2001-06-30 22:54 UTC (permalink / raw)
To: Rudolf Polzer; +Cc: linux-kernel
On Sat, 30 Jun 2001, Rudolf Polzer wrote:
> There is a problem concerning chvt. A normal user can run a
>
> bash$ while [ 1 ]; do chvt 11; done
>
> which cannot be killed using the console (only remotely, virtually never
> on a nonnetworked multiuser machine). So I changed the kernel source code
> so that only the superuser may change terminals.
Ok, lemme see if I got this right. What exactly do you mean by 'a normal
user' or a 'nonnetworked machine'? If the machine is non-networked, then
it must be sort of single user. Oh yeah, and if someone logs on from your
console, smack them and don't patch the kernel.
Oh yeah, I can imagine a few situations in which this would be necessary.
But if someone you don't trust logs on from your (non-networked) console
and has time to play with it, you're screwed anyway.
Dan.