| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 01 Aug 2007 11:53:27 +0200 From: Frank Benkstein <frank-lkml@...kstein.net> To: Andrew Morton <akpm@...ux-foundation.org> CC: linux-kernel@...r.kernel.org Subject: Re: VT_PROCESS, VT_LOCKSWITCH capabilities Andrew Morton wrote: > On Wed, 01 Aug 2007 00:22:38 +0200 Frank Benkstein <frank-lkml@...kstein.net> wrote: > >> I wonder why there are different permissions needed for VT_PROCESS >> (access to the current virtual console) and VT_LOCKSWITCH >> (CAP_SYS_TTY_CONFIG). >> > Perhaps the issue with VT_LOCKSWITCH is that its effects will persist after > the user has logged out? So user A is effectively altering user B's > console, hence suitable capabilities are needed? > > Is the current code actually causing any observable problem? Both controls can be used to deny service to other users. For example: user B locks his X session or current console and walks off to lunch. User A walks up to user B's machine, switches to another console, logs in and execs program_that_does_vt_process. User B will not be able to continue work unless he/she can get user A or someone with CAP_KILL to kill the program. If remote logins aren't allowed, the only way I see to use the machine again is to reboot. I think VT_PROCESS (or VT_SETMODE respectively) should be protected with the same level of security as VT_LOCKSWITCH, i.e. CAP_SYS_TTY_CONFIG. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists