
List:       kde-devel
Subject:    Konsole - a security vs. portability problem
From:       Lars Doelle <lars.doelle () on-line ! de>
Date:       1999-01-06 6:30:29

At the moment, konsole offers a security hole that allows local users to
hijack/monitor the (root) sessions. The regular method to protect
against this is to do a chmod/chown on one of the devices within the
emulation. Doing so would require konsole to be run root/suid, which
raises more severe problems than it solves. Because I strongly dislike
root/suid programs for many reasons, I've dug out an ioctl for Linux
which does as desired, basically for the price of the solution not being
portable to other UNIXes, eventually.

Comments, anyone?

  Lars


["secure.patch" (text/plain)]

--- TEShell.C.ori	Mon Dec 21 01:16:00 1998
+++ TEShell.C	Sun Dec 27 17:18:35 1998
@@ -35,6 +35,7 @@
 #include <termios.h>
 #include <fcntl.h>
 #include <unistd.h>
+#include <asm/asm-i386/ioctls.h>
 #include <sys/ioctl.h>
 #include <grp.h>
 #include "../../config.h"
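Review bot: The added `#include <asm/asm-i386/ioctls.h>` hard-codes an i386-specific kernel header path, so the file will stop compiling on any other architecture and on the non-Linux systems the mail itself mentions. Check whether the `<sys/ioctl.h>` on the following line already provides `TIOCSPTLCK`; if not, use an architecture-neutral header, and wrap both the include and the later ioctl call in `#ifdef TIOCSPTLCK` so other platforms still build without the lock.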
@@ -88,6 +89,7 @@
   emit done(status);
 }
 
+
 int Shell::run(QStrList & args, const char* term)
 {
   pid_t comm_pid = fork();
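Review bot: The only change in this hunk is an extra blank line before `Shell::run`, which is unrelated to the security fix. Drop it so the patch contains only the lines needed for the lock.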
@@ -109,7 +111,7 @@
  
   // Don't know why, but his is vital for SIGHUP to find the child.
   // Could be, we get rid of the controling terminal by this.
-  for (int i = 0; i < getdtablesize(); i++) if (i != tt) close(i);
+  for (int i = 0; i < getdtablesize(); i++) if (i != tt && i != fd) close(i);
 
   dup2(tt,fileno(stdin));
   dup2(tt,fileno(stdout));
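Review bot: The new `i != fd` condition in the close loop depends on `fd` being declared and still valid in the child at this point, and nothing in the visible context declares it or says which descriptor it is. Please add a short comment next to the loop stating what `fd` is and why it has to survive, and confirm that every path between here and the later `close(fd)` really closes it, since a descriptor left open across this loop would otherwise be inherited by the shell.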
@@ -133,6 +135,11 @@
   setpgid(0,0);                        // is not noticeable with all
   close(open(dev, O_WRONLY, 0));       // clients (bash,vi). Because bash
   setpgid(0,0);                        // heals this, use '-e' to test it.
+
+  int flag = 1;
+  if (ioctl(fd,TIOCSPTLCK,&flag))      // prohibit opening tty from now on
+    perror("cannot set secure");
+  close(fd);
   
   // drop privileges
   setuid(getuid()); setgid(getgid());
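Review bot: A failing `ioctl(fd,TIOCSPTLCK,&flag)` is only reported with `perror("cannot set secure")` and the child then carries on to drop privileges and start the session, so the terminal runs without the protection the comment promises. Since the point of the patch is to close a hijack/monitor hole, treat failure as fatal in the child, or at least report it in a way the user will see in the terminal window. The message text could also name the ioctl so the cause is recognisable in a log.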
@@ -186,6 +193,7 @@
   }
   if (ptyfd < 0) { fprintf(stderr,"Can't open a pseudo teletype\n"); exit(1); }
   fcntl(ptyfd,F_SETFL,O_NDELAY);
+printf("using: %s <-> %s\n",ptynam,ttynam);
 
   return ptyfd;
 }
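Review bot: The added `printf("using: %s <-> %s\n",ptynam,ttynam);` looks like leftover debugging output: it is unindented, writes to stdout on every pty allocation, and discloses the device names being used. Remove it before this is applied, or put it behind a debug switch and send it to stderr like the error message two lines above.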

