Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock

From: Michal Zalewski (lcamtufat_private)
Date: Sun Jul 04 1999 - 23:50:01 PDT

    On Wed, 25 Aug 1999, Michael K. Johnson wrote:
    
    > To change this behaviour in the way Michal wants would require that
    > all console-switching activity be controlled only by root.  This would
    > have a detrimental effect on security, because it would increase the
    > number of setuid applications on the system.  So this is not a kernel
    > bug, and since the behaviour Michal wants would have to be enforced in
    > the kernel and vlock is not capable of changing it, it is not a vlock
    > bug either.
    
    I did not agree it is not a bug, because it allows breaking the security
    scheme offered by vlock. But, for sure, I agree it's not a kernel bug, and
    not a vlock bug either... No one owns this vulnerability, but it is a
    vulnerability, as one of the security mechanisms can be bypassed somehow :)
    
    _______________________________________________________________________
    Michal Zalewski [lcamtufat_private] [link / marchew] [dione.ids.pl SYSADM]
    [Marchew Industries] ! [http://lcamtuf.na.export.pl] bash$ :(){ :|:&};:
    [voice phone: +48 (0) 22 813 25 86] ? [cellular phone: (0) 501 4000 69]
    To iterate is human, to recurse divine [P. Deutsch]
    


