Re: VT_PROCESS, VT_LOCKSWITCH capabilities

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 01 Aug 2007 00:22:38 +0200 Frank Benkstein <[email protected]> wrote:

> I wonder why there are different permissions needed for VT_PROCESS
> (access to the current virtual console) and VT_LOCKSWITCH
> (CAP_SYS_TTY_CONFIG).
> 
> The first one lets the calling process decide if console switching is
> allowed, the second one simply disables it.  If a program wants to
> forbid console switching the only technical difference I can see is that
> switching is automatically reenabled when the program exits when using
> VT_PROCESS.  When using VT_LOCKSWITCH it must be manually reenabled.
> When the program uses the first method and disables terminal signals and
> SysRQ is disabled, too, I see no practical difference between the two.

It'd take some kernel archaeology to work out how things got the way they
are.

Perhaps the issue with VT_LOCKSWITCH is that its effects will persist after
the user has logged out?  So user A is effectively altering user B's
console, hence suitable capabilities are needed?

Is the current code actually causing any observable problem?
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux