Re: VT_PROCESS, VT_LOCKSWITCH capabilities

Frank Benkstein wrote:
> I wonder why there are different permissions needed for VT_PROCESS
> (access to the current virtual console) and VT_LOCKSWITCH
> (CAP_SYS_TTY_CONFIG).

To be more direct:

require CAP_SYS_TTY_CONFIG for VT_SETMODE as its essentially the same as
VT_LOCKSWITCH and said capability is already required there

diff --git a/drivers/char/vt_ioctl.c b/drivers/char/vt_ioctl.c
index c6f6f42..7034a68 100644
--- a/drivers/char/vt_ioctl.c
+++ b/drivers/char/vt_ioctl.c
@@ -662,7 +662,7 @@ int vt_ioctl(struct tty_struct *tty, struct file * file,
        {
                struct vt_mode tmp;

-               if (!perm)
+               if (!perm || !capable(CAP_SYS_TTY_CONFIG))
                        return -EPERM;
                if (copy_from_user(&tmp, up, sizeof(struct vt_mode)))
                        return -EFAULT;

-- 
GPG (Mail): 7093 7A43 CC40 463A 5564  599B 88F6 D625 BE63 866F
GPG (XMPP): 2243 DBBA F234 7C5A 6D71  3983 9F28 4D03 7110 6D51

Attachment: signature.asc
Description: OpenPGP digital signature

---

• Follow-Ups:
  • Re: VT_PROCESS, VT_LOCKSWITCH capabilities
    • From: Andrew Morton <[email protected]>

• References:
  • VT_PROCESS, VT_LOCKSWITCH capabilities
    • From: Frank Benkstein <[email protected]>

• Prev by Date: eurotechwdt will cause reboot
• Next by Date: [PATCH] [POWERPC] Typo fixes interrrupt -> interrupt
• Previous by thread: VT_PROCESS, VT_LOCKSWITCH capabilities
• Next by thread: Re: VT_PROCESS, VT_LOCKSWITCH capabilities
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]