On Thu, 07 Jun 2007 16:20:07 +0200
Miloslav Trmac <[email protected]> wrote:
> Alan Cox napsal(a):
> >>> + if (filp->f_op->read == tty_read) {
> >>> + disable = 0;
> >>> + break;
> > Why says a tty will always have f->op->read == tty_read ?
> AFAICS from tty_io.c, it will always be tty_read or hung_up_tty_read.
> Normal user processes would exit after SIGHUP and not reopen a TTY.
>
> (I have copied the condition from __do_SAK(). That of course doesn't
> mean it's correct.)
> Mirek
Right it may be hung_up_tty_read that was what bothered me. I've had a
think through the different scenarios and I can't think of a simple one
where I can abuse this as the vhangup() path is current root triggered
and loses the tty (so I can't reopen on it)
There are more complex questions - what happens when the much needed
revoke() goes mainstream [and we fix all the security issues its lack
causes], and the case where I do
login on tty1
login on tty2
On tty1 run a process which sets nohup and causes a vhangup then opens
tty2 while tty2 command line is running some long running program that
doesn't take input that I could plausibly run legitimately (eg a long
complex sql query, or a slow security check etc)
Alan
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
