Re: VT_PROCESS, VT_LOCKSWITCH capabilities

Frank Benkstein wrote:
> I wonder why there are different permissions needed for VT_PROCESS
> (access to the current virtual console) and VT_LOCKSWITCH
> (CAP_SYS_TTY_CONFIG).

To be more direct:

require CAP_SYS_TTY_CONFIG for VT_SETMODE as its essentially the same as
VT_LOCKSWITCH and said capability is already required there

diff --git a/drivers/char/vt_ioctl.c b/drivers/char/vt_ioctl.c
index c6f6f42..7034a68 100644
--- a/drivers/char/vt_ioctl.c
+++ b/drivers/char/vt_ioctl.c
@@ -662,7 +662,7 @@ int vt_ioctl(struct tty_struct *tty, struct file * file,
        {
                struct vt_mode tmp;

-               if (!perm)
+               if (!perm || !capable(CAP_SYS_TTY_CONFIG))
                        return -EPERM;
                if (copy_from_user(&tmp, up, sizeof(struct vt_mode)))
                        return -EFAULT;

-- 
GPG (Mail): 7093 7A43 CC40 463A 5564  599B 88F6 D625 BE63 866F
GPG (XMPP): 2243 DBBA F234 7C5A 6D71  3983 9F28 4D03 7110 6D51

Attachment: signature.asc
Description: OpenPGP digital signature

Follow-Ups:
- Re: VT_PROCESS, VT_LOCKSWITCH capabilities
  - From: Andrew Morton <[email protected]>

References:
- VT_PROCESS, VT_LOCKSWITCH capabilities
  - From: Frank Benkstein <[email protected]>

Prev by Date: eurotechwdt will cause reboot
Next by Date: [PATCH] [POWERPC] Typo fixes interrrupt -> interrupt
Previous by thread: VT_PROCESS, VT_LOCKSWITCH capabilities
Next by thread: Re: VT_PROCESS, VT_LOCKSWITCH capabilities
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Netfilter] [Bugtraq] [Photo] [Stuff] [Gimp] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Video 4 Linux] [Linux for the blind] [Linux Resources]