Michal Zalewski writes: >-------- >vlock -a >-------- > >Compromise: locally, unlocking VCs switching under certain conditions > >When 'vlock -a' is called, console switching is completely disabled using >ioctl() call on /dev/ttyX device. Under certain conditions, this >protection can be fooled. Let's imagine following situation: user X is >logged on tty6 - oh, abbandoned session ;) while root is playing on >other consoles. After some time, he/she issued 'vlock -a' and gone >somewhere. But, if user X is still logged on any console, and he's able to >login once more, remotelly, he could open /dev/tty6 (in our example, as >it's owned by him), then... use ioctl() (as it's not restricted to >superusers!!!) to enable console switching. This is not a bug in vlock; what's more, it's not a bug. To change this behaviour in the way Michal wants would require that all console-switching activity be controlled only by root. This would have a detrimental effect on security, because it would increase the number of setuid applications on the system. So this is not a kernel bug, and since the behaviour Michal wants would have to be enforced in the kernel and vlock is not capable of changing it, it is not a vlock bug either. michaelkjohnson "Magazines all too frequently lead to books and should be regarded by the prudent as the heavy petting of literature." -- Fran Lebowitz Linux Application Development http://people.redhat.com/johnsonm/lad/
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:59:18 PDT