In August 2004, Olaf Dabrunz posted a patch, which appears to have got
into 2.6.10, restricting TIOC_CONS to CAP_SYS_ADMIN .
He justified this by claiming that normal users don't need to grab the
console output.
I disagree. Normal users log into the desktop of their machine, and
should expect to be able to see the console output just as much as if
they logged into "the console" and worked without graphics.
For example, I want to know when the machine I'm working on has
problems, when somebody is probing sshd, and simply when one of my
batch jobs wants to tell me something.
Further, on our systems, I own the console (ownership is transferred
to the user by the login procedure), so it's daft that I can't call TIOCCONS
on it.
I propose that a better security test would be:
user owns /dev/console OR has CAP_SYS_ADMIN .
It should then be the responsibility of the log-out procedure to
cancel redirections when it changes the ownership of devices back to
root.
In December '04, Lars posted about this breakage, and proposed a
simpler patch, allowing general TIOCCONS but restricting cancellation
(as per documentation), but I didn't see anything happen to this.
Any comments? If none, I'll propose a patch.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]