lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20140609140823.6013838d@alan.etchedpixels.co.uk>
Date:	Mon, 9 Jun 2014 14:08:23 +0100
From:	One Thousand Gnomes <gnomes@...rguk.ukuu.org.uk>
To:	Peter Hurley <peter@...leysoftware.com>
Cc:	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	linux-serial@...r.kernel.org, linux-kernel@...r.kernel.org,
	Valerio Vanni <valerio.vanni@...ind.it>
Subject: Re: [PATCH 1/2] serial: core: Don't drop DTR if system console

On Wed,  4 Jun 2014 10:16:10 -0400
Peter Hurley <peter@...leysoftware.com> wrote:

> If a tty is opened on a serial console, don't drop DTR on
> last tty close, on tty hangup, or when resetting port hardware
> via TIOCSSERIAL and TIOCSERCONFIG ioctls.
> 
> Signed-off-by: Peter Hurley <peter@...leysoftware.com>

NAK

This introduces a security flaw.

If you have a system with a remote console you dial into then with this
patch applied a modem drop eg from a bad line will no longer drop any
live session and ensure a login is required as it was before.

That's a pretty bad regression case.

If you are running a serial console and want to leave DTR high either
wire the cable that way or don't set HUPCL in the first place. The
technology for fixing this problem already exists!

Alan
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ