On Wed, 01 Aug 2007 00:22:38 +0200 Frank Benkstein <[email protected]> wrote:
> I wonder why there are different permissions needed for VT_PROCESS
> (access to the current virtual console) and VT_LOCKSWITCH
> (CAP_SYS_TTY_CONFIG).
>
> The first one lets the calling process decide if console switching is
> allowed, the second one simply disables it. If a program wants to
> forbid console switching the only technical difference I can see is that
> switching is automatically reenabled when the program exits when using
> VT_PROCESS. When using VT_LOCKSWITCH it must be manually reenabled.
> When the program uses the first method and disables terminal signals and
> SysRQ is disabled, too, I see no practical difference between the two.
It'd take some kernel archaeology to work out how things got the way they
are.
Perhaps the issue with VT_LOCKSWITCH is that its effects will persist after
the user has logged out? So user A is effectively altering user B's
console, hence suitable capabilities are needed?
Is the current code actually causing any observable problem?
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
