Re: TIOCCONS security revisited

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



>The problem is that TIOCCONS causes security problems.
>
>Please rehash what I wrote in the thread. Essentially, these are my
>points (citing myself here):

If you insist, I will rehash them, though they are not really relevant.

>    the ioctl TIOCCONS allows any user to redirect console output to
>    another tty. This allows anyone to suppress messages to the console
>    at will.

I do not propose returning to this situation.

>[and in a later mail:]
>    Changing the ownership on /dev/console causes security problems
>    (that user can usually access the current virtual terminal anytime,
>    and the current one may not belong to him).

If this is seen as a problem, it should be fixed in the virtual
terminal system. /dev/console and TIOCCONS exist and work in many
Unices, not just Linux.

>Also I refered to a security advisory for SunOS which describes one of
>the problems (hijacking):
>http://www.cert.org/advisories/CA-1990-12.html

And how did Sun fix it? They fixed it by restricting TIOCCONS to users
who have read access to the console - more liberal than my proposal!

>And I said that there are alternatives to /dev/console, and a commonly
>used one is /dev/xconsole (see below how to use this). It does not have

I do not have the option of using /dev/xconsole.
I use machines that I don't administer, and on all of them for the
last 15 years until the recent breakage, "xterm -C" worked.

>syslog/syslog-ng). But it also does not receive the messages that are
>simply written to /dev/console.

Exactly. I have an array of programs that write to /dev/console in the
expectation that the message will be read by the person sitting at the
console.

>The latter problem still needs to be fixed, but is seldom a real
>problem. AFAICS nowadays only scripts that run at boot time write to
>/dev/console. The user has several ways to look at these messages

As I have indicated, there is a world outside your experience of
Linux. As well as my own scripts, the machines one which I work are
set up to have syslog write urgent messages to /dev/console.

>If you want this problem fixed, consider copying messages to
>/dev/console with a demon to a logging facility. Have a look at
>bootlogd/blogd.

I do not administer the machines. If you hadn't broken TIOCCONS,
everything would still work.

>All this can be done by using /dev/xconsole.

Which is not available.

>Xconsole fails because by default it tries to use /dev/console. You can
>avoid that by setting the resources to point to another file, e.g.
>/dev/xconsole:

which is not available.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux