Date:	Mon, 9 Jun 2014 14:08:23 +0100
From:	One Thousand Gnomes <gnomes@...rguk.ukuu.org.uk>
To:	Peter Hurley <peter@...leysoftware.com>
Cc:	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	linux-serial@...r.kernel.org, linux-kernel@...r.kernel.org,
	Valerio Vanni <valerio.vanni@...ind.it>
Subject: Re: [PATCH 1/2] serial: core: Don't drop DTR if system console

On Wed,  4 Jun 2014 10:16:10 -0400
Peter Hurley <peter@...leysoftware.com> wrote:

> If a tty is opened on a serial console, don't drop DTR on
> last tty close, on tty hangup, or when resetting port hardware
> via TIOCSSERIAL and TIOCSERCONFIG ioctls.
> 
> Signed-off-by: Peter Hurley <peter@...leysoftware.com>

NAK

This introduces a security flaw.

If you have a system with a remote console you dial into, then with this
patch applied a modem drop, e.g. from a bad line, will no longer drop any
live session and ensure a login is required as it was before.

That's a pretty bad regression case.

If you are running a serial console and want to leave DTR high either
wire the cable that way or don't set HUPCL in the first place. The
technology for fixing this problem already exists!

Alan
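
The "don't set HUPCL" option from the reply above, as an added example that is not part of the original message or of the kernel tree: it clears HUPCL on one port through termios and re-reads the setting to confirm it. The helper names and the default device path are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <termios.h>
#include <unistd.h>

/* Non-zero if the settings ask for a hang-up (DTR drop) on last close. */
int hupcl_is_set(const struct termios *t)
{
    return (t->c_cflag & HUPCL) != 0;
}

/* Change only the HUPCL bit; every other flag is left as found. */
void hupcl_apply(struct termios *t, int enable)
{
    if (enable)
        t->c_cflag |= HUPCL;
    else
        t->c_cflag &= ~(tcflag_t)HUPCL;
}

/* Set or clear HUPCL on an open tty. Returns 0 on success, -1 on failure. */
int tty_set_hupcl(int fd, int enable)
{
    struct termios t;
    if (tcgetattr(fd, &t) < 0)
        return -1;
    hupcl_apply(&t, enable);
    /* tcsetattr() succeeds if any requested change took effect, so re-read. */
    if (tcsetattr(fd, TCSANOW, &t) < 0 || tcgetattr(fd, &t) < 0)
        return -1;
    if (hupcl_is_set(&t) != (enable != 0)) {
        errno = EIO;
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    /* Placeholder default path; pass the real console port as argv[1]. */
    const char *dev = argc > 1 ? argv[1] : "/dev/ttyS0";
    int fd = open(dev, O_RDWR | O_NOCTTY | O_NONBLOCK);
    if (fd < 0 || tty_set_hupcl(fd, 0) < 0) {
        perror(dev);
        return 1;
    }
    printf("%s: HUPCL cleared\n", dev);
    return 0;
}
```

This keeps the choice per port and in the administrator's hands, so dial-in consoles that rely on the hang-up can leave HUPCL set.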