lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <m1wsdz892h.fsf@frodo.ebiederm.org>
Date:	Wed, 17 Dec 2008 01:06:30 -0800
From:	ebiederm@...ssion.com (Eric W. Biederman)
To:	Andrew Morton <akpm@...ux-foundation.org>,
	Alan Cox <alan@...rguk.ukuu.org.uk>
CC:	<linux-kernel@...r.kernel.org>
Subject: [RFC][PATCH] fix xconsole.


Long ago xconsole broke (a regression) and it has been a mystery to
me.  One of my coworkers mentioned it again and I happened to been
looking at code in the vicinity and I finally figured out what
happened.

>From the tty_ioctl manpage  TIOCCONS is documented as:
  Redirecting console output
       TIOCCONS  void
              Redirect output that would have gone to /dev/console or
              /dev/tty0 to the given tty.  If that was a pty master,
              send it to the slave.  Anybody can do this as long as
              the output was not redirected yet.  If it was redirected
              already EBUSY is returned, but root may stop redirection
              by using this ioctl with fd pointing at /dev/console or
              /dev/tty0.


And it used to match the implementation. But then we had what appears
to be an overzealous security fix.

The console messages may only be redirected once, and root may perform
that initial redirection.  So I don't see why it is a security issue.

Do we have a better way to see console messages when we are in X?
I haven't seen it. 

Perhaps if we had a working xconsole we would have less random spew to
the console.

> commit adc281202e9c8824c3d1688a109bc5f19b6184d1
> Author: od <od>
> Date:   Tue Oct 19 14:59:16 2004 +0000
> 
>     [PATCH] TIOCCONS security
>     
>     The ioctl TIOCCONS allows any user to redirect console output to another
>     tty.  This allows anyone to suppress messages to the console at will.
>     
>     AFAIK nowadays not many programs write to /dev/console, except for start
>     scripts and the kernel (printk() above console log level).
>     
>     Still, I believe that administrators and operators would not like any user
>     to be able to hijack messages that were written to the console.
>     
>     The only user of TIOCCONS that I am aware of is bootlogd/blogd, which runs
>     as root.  Please comment if there are other users.
>     
>     Is there any reason why normal users should be able to use TIOCCONS?
>     
>     Otherwise I would suggest to restrict access to root (CAP_SYS_ADMIN), e.g.
>     with this patch.
>     
>     Signed-off-by: Andrew Morton <akpm@...l.org>
>     Signed-off-by: Linus Torvalds <torvalds@...l.org>
>     
>     BKrev: 41752bc4MrRxTUxDRjvfWObhWFXPyA

Signed-off-by: "Eric W. Biederman" <ebiederm@...ssion.com>

---
diff --git a/drivers/char/tty_io.c b/drivers/char/tty_io.c
index 1412a8d..44794a9 100644
--- a/drivers/char/tty_io.c
+++ b/drivers/char/tty_io.c
@@ -2128,10 +2128,10 @@ static int tiocswinsz(struct tty_struct *tty, struct tty_struct *real_tty,
 
 static int tioccons(struct file *file)
 {
-	if (!capable(CAP_SYS_ADMIN))
-		return -EPERM;
 	if (file->f_op->write == redirected_tty_write) {
 		struct file *f;
+		if (!capable(CAP_SYS_ADMIN))
+			return -EPERM;
 		spin_lock(&redirect_lock);
 		f = redirect;
 		redirect = NULL;
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ