On Fri, Feb 03, 2006 at 12:28:46PM +1030, Glen Turner wrote:
> Hi Alan,
>
> The serial console driver has a host of issues
>
> [...]
>
> - [SECURITY] 'r' should require DCD to be asserted
> before outputing characters. Otherwise we talk to
> Hayes modem command mode. This allows a non-root
> user to re-program the modem and is a major security
> issue is people configure calling line identification
> or encryption to restrict use of the serial console.
How is this possible? A normal user can't produce arbitarily formatted
kernel messages, and if they have access to /dev/ttyS they can do what
ever they like with the port anyway.
(If a user can produce arbitarily formatted kernel messages, that in
itself is a security bug - how do you know if that OOPS was produced
by a malicious user, or a real oops?)
> - 'r' option has insanely slow CTS timeout. So if a
> terminal server is inactive the kernel can take
> 30 minutes to boot as each character write to the
> serial console requires a CTS timeout.
You'd rather we threw away these messages?
> I occassionally clean up and repost a patch I wrote years
> ago which never gets integrated (although it ships in the
> patchset of a number of kernels from supercomputer vendors).
> I'm happy to clean it up again if there's a hope of
> integration.
It'd help if you talked to the right person - I've been looking after
the serial layer since 2.5.something.
--
Russell King
Linux kernel 2.6 ARM Linux - http://www.arm.linux.org.uk/
maintainer of: 2.6 Serial core
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
