List:       kde-devel
Subject:    Re: Konsole - a security vs. portability problem
From:       Lars Doelle <lars.doelle () on-line ! de>
Date:       1999-01-06 14:48:28

Stephan Kulow wrote:

> Lars Doelle wrote:
> >
> > At the moment, konsole offers a security hole that allows local users to
> > hijack/monitor the (root) sessions. The regular method to protect
> > against this is to do a chmod/chown on one of the devices within the
> > emulation. Doing so would require konsole to be run root/suid, which
> > raises more severe problems than it solves. Because I strongly dislike
> > root/suid programs for many reasons, I've dug out an ioctl for Linux
> > which does as desired, basically for the price of the solution not being
> > portable to other UNIXes, eventually.
> >
> > Comments, anyone?
> >
> >   Lars
> >
> >   ------------------------------------------------------------------------
> > --- TEShell.C.ori       Mon Dec 21 01:16:00 1998
> > +++ TEShell.C   Sun Dec 27 17:18:35 1998
> > @@ -35,6 +35,7 @@
> >  #include <termios.h>
> >  #include <fcntl.h>
> >  #include <unistd.h>
> > +#include <asm/asm-i386/ioctls.h>
> >  #include <sys/ioctl.h>
> >  #include <grp.h>
> >  #include "../../config.h"
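
Review bot: the added `#include <asm/asm-i386/ioctls.h>` names an architecture-specific path, so the file will only compile where that i386 header directory exists; since `<sys/ioctl.h>` is already included on the following line, the request macro should be taken from there, or the include and its use wrapped in an `#ifdef` on that macro so other platforms still build. The hunk shows only the include and not the ioctl call it supports, so the part of the change that actually closes the hole cannot be reviewed from these lines; it should be posted with its return value checked and a comment naming the request.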
>
> That doesn't even run on all Linux variants! I don't think this is a
> solution.

Naa, wouldn't be that bad. Don't know how the required define made it into
asm-i386...
Having had a look into the kernel sources before, I believe that this feature is
available on every Linux port.

> A security problem is a security problem even if you fix it for one
> variant
> of one Unix.

Sure, but I do not like to ignore the local particularities nor did we ever
decide to code for every UNIX. Knowing that konsole does well on at least
FreeBSD, HPUX and Solaris, is a nice property, though. For Linux, this is the best
solution I know of. It really addresses all the issues. The problem is how to
cope with other UNIXes. I'm especially concerned if this way is portable to
FreeBSD. Please see another posting for problems and a possible way to cope
with them in other UNIXes.

>
> Greetings, Stephan
>
> --
> As long as Linux remains a religion of freeware fanatics,
> Microsoft have nothing to worry about.
>                        By Michael Surkan, PC Week Online
