shadow chown(tty) - problem

Bill Maltby LFS Related lfsbill at wlmcs.com
Sun Sep 1 06:42:21 PDT 2002


On Sun, 1 Sep 2002, Richard Lightman wrote:

> * Richard Lightman <richard at nezumi.plus.com> [2002-09-01 13:20]:
> > * YuX <yux at cg.ukrtel.net> [2002-09-01 08:29]:
> > > 
> > > #ifdef __linux__
> > >  /*
> > >   * Please don't add code to chown /dev/vcs* to the user logging in -
> > >   * it's a potential security hole.  I wouldn't like the previous user
> > >   * to hold the file descriptor open and watch my screen.  We don't
> > >   * have the *BSD revoke() system call yet, and vhangup() only works
> > >   * for tty devices (which vcs* is not).  --marekm
> > >   */
> > > #endif
> > > 
> > 
> > I could get conlogin (which is setuid) to kill this sort of thing.
> > I will get back to you if it works.
> > 
> It works.
> http://www.nezumi.plus.com/conlogin
> 
> Now can anyone see a problem with this:
> 
> Root logs in, set up some process which has a valid reason to access
> a device, then logs out with the process still running. User logs in,
> and his .bash_profile runs conlogin. Conlogin sees from its config file
> (writable only by root), that some devices need to be owned by user.
> One of these devices is being used by that process root set up.
> conlogin kills it.

Security question? Has the spy process acquired the user login and
password before conlogin kills it?

> Richard

Bill Maltby
billm at wlmcs.com

-- 
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe lfs-dev' in the subject header of the message



More information about the lfs-dev mailing list