PATCH: drivers/char/vt.c allows virtually locking up nonnetworked machine

PATCH: drivers/char/vt.c allows virtually locking up nonnetworked machine

[Rudolf Polzer]

There is a problem concerning chvt. A normal user can run a

bash$ while [ 1 ]; do chvt 11; done

which cannot be killed using the console (only remotely, virtually never
on a nonnetworked multiuser machine). So I changed the kernel source code
so that only the superuser may change terminals.

Since renaming/deleting chvt is no solution (chvt is a simple ioctl call),
it seems to be the simplest way to prevent this. Console switching
using Ctrl-Alt-Fkey still works, as well as X, so probably there are
no implications in most cases.

But, since this may be too restrictive for some applications, I would
recommend making this a configuration option. Unfortunately I do not
know how to do this :(

--- drivers/char/vt.c.orig	Mon Jun 25 09:00:28 2001
+++ drivers/char/vt.c	Sat Jun 30 23:02:56 2001
@@ -435,10 +435,16 @@
 
 	/*
 	 * To have permissions to do most of the vt ioctls, we either have
-	 * to be the owner of the tty, or super-user.
+	 * to be the owner of the tty, or super-user. Only the superuser
+	 * if you want added security.
+	 */
+         
+	/*
+	 * disable a security hole, therefore the first check is commented
+	 * out!
 	 */
 	perm = 0;
-	if (current->tty == tty || suser())
+	if (/* current->tty == tty || */ suser())
 		perm = 1;
  
 	kbd = kbd_table + console;

Re: PATCH: drivers/char/vt.c allows virtually locking up nonnetworked machine

[Guest section DW]

On Sat, Jun 30, 2001 at 11:10:40PM +0200, Rudolf Polzer wrote:
> There is a problem concerning chvt. A normal user can run a
> 
> bash$ while [ 1 ]; do chvt 11; done
> 
> which cannot be killed using the console (only remotely, virtually never
> on a nonnetworked multiuser machine). So I changed the kernel source code
> so that only the superuser may change terminals.

The person at the console on a nonnetworked machine
can make life difficult for himself in a great variety of ways.
(E.g., try running
  #include <signal.h>
  main(){int i;for(i=1; i<32; i++)signal(i,SIG_IGN); while(1);}
on all VTs.)

It would not increase security when root privileges were needed
in all such cases.

Andries

Re: PATCH: drivers/char/vt.c allows virtually locking up nonnetworked machine

[Dan Podeanu]

On Sat, 30 Jun 2001, Rudolf Polzer wrote:

> There is a problem concerning chvt. A normal user can run a
>
> bash$ while [ 1 ]; do chvt 11; done
>
> which cannot be killed using the console (only remotely, virtually never
> on a nonnetworked multiuser machine). So I changed the kernel source code
> so that only the superuser may change terminals.
Ok, lemme see if I got this right. What exactly do you mean by 'a normal
user' or a 'nonnetworked machine'. If the machine is non-networked, then
it must be sort of single user. Oh yea, and if someone logs on from your
console, smack them and don't patch the kernel.

Oh yeah, I can imagine a few situations in which this would be necessary.
But if someone you don't trust logs on from your (non-networked) console
and has time to play with it, you're screwed anyway.

Dan.