On Mon, Feb 06, 2006 at 08:26:55PM +0000, Pavel Machek wrote:
> Hi!
>
> > > The serial console driver has a host of issues
> > >
> > > [...]
> > >
> > > - [SECURITY] 'r' should require DCD to be asserted
> > > before outputing characters. Otherwise we talk to
> > > Hayes modem command mode. This allows a non-root
> > > user to re-program the modem and is a major security
> > > issue is people configure calling line identification
> > > or encryption to restrict use of the serial console.
> >
> > How is this possible? A normal user can't produce arbitarily formatted
> > kernel messages, and if they have access to /dev/ttyS they can do what
> > ever they like with the port anyway.
>
> Maybe not *arbitrary* messages, but any user probably can fake enough
> to
> confuse modem. Name your process \nATD609123456\n and cause it to eat
> all memory, or something like that. OOM killer will print name...
As I say, it's a problem which needs fixing elsewhere. What if
the process was called:
\nSystem Halted\n
(which will fit in the kernel's process name.) Or maybe some escape
sequence which reprograms your terminal.
As I say, this is a problem which needs solving by other means. Maybe
flush_old_exec() should be a little more careful about what it copies,
changing non-alphanumeric characters to '?' ?
--
Russell King
Linux kernel 2.6 ARM Linux - http://www.arm.linux.org.uk/
maintainer of: 2.6 Serial core
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
