shadow chown(tty) - problem

Richard Lightman richard at
Sun Sep 1 05:32:57 PDT 2002

* Richard Lightman <richard at> [2002-09-01 13:20]:
> * YuX <yux at> [2002-09-01 08:29]:
> > 
> > #ifdef __linux__
> >  /*
> >   * Please don't add code to chown /dev/vcs* to the user logging in -
> >   * it's a potential security hole.  I wouldn't like the previous user
> >   * to hold the file descriptor open and watch my screen.  We don't
> >   * have the *BSD revoke() system call yet, and vhangup() only works
> >   * for tty devices (which vcs* is not).  --marekm
> >   */
> > #endif
> > 
> I could get conlogin (which is setuid) to kill this sort of thing.
> I will get back to you if it works.
It works.

Now can anyone see a problem with this:

Root logs in, sets up some process which has a valid reason to access
a device, then logs out with the process still running. User logs in,
and his .bash_profile runs conlogin. Conlogin sees from its config file
(writable only by root), that some devices need to be owned by user.
One of these devices is being used by that process root set up.
conlogin kills it.
