On Wed, 6 Jan 1999, Lars Doelle wrote: > uwe@uwix.alt.na wrote: > > > On Wed, 6 Jan 1999, Lars Doelle wrote: > > > > > In the moment, konsole offers a security hole that allows local users to > > > hijack/monitor the (root) sessions. The regular method to protect > > > against this, is to do a chmod/chown on one of the devices within the > > > emulation. Doing so would require konsole to be run root/suid, which > > > raises more severe problems then it solves. Because i strongly dislike > > > root/suid programs for many reasons, I've digged out an ioctl for Linux > > > which does as desired, basically for the price of the solution not being > > > portable to other UNIXes, eventually. > > > > > > Comments, anyone? > > > > If it isn't protable it isn't a solution. :-( > > > > There is a solution: > > > > Let konsole run suid root. > > > > In main() before you do anything else you pick a pty, chown you.users > > it, chmod go-rw it. Immediately thereafter you give up root privileges > > _completely and forever_! > > > > Uwe, it always helps to post problems like this on the list. I wasn't really > aware that i certainly can do that _without_ root priviledges. > > But there remain three issues. I'm opening _more_ then one connection > eventually, so i cannot drop the priviledges without droping the "Session" > feature also. Additionally, the concerned administrator of a system may not > grant root/suid privileges to konsole just because someone uses it. As a last > point, i'm not willing to accept the obligation to keep konsole unfailable > during the whole devopment cycle. Well, the 'session' feature is a killer argument. On systems where root privileges are necessary the only secure way I can see is to drop the sessions feature. I mean those who've chosen an inferior system have to suffer a bit. ;-) We have to address all security concers thouroughly. Uwe > > > > > You might think you have a problem this way on exit because you can't > > chown root.root the pty. But that is not necessary!!!! All you must do > > is chmod go+wr on exit. And that you _can_ do without root privileges! > > > > This way you can do all the root stuff before you even touch KDE, Qt, > > and X. Should be fairly safe. > > > > Uwe > > > > ------------------------------------------------------------------------- > > Uwe Thiem Tel: +264 - 061 - 244511 > > P.O.Box 30955 Fax: +264 - 061 - 244511 > > Windhoek Email: uwe@uwix.alt.na > > Republic of Namibia uwe@kde.org > > http://www.kde.org > > ********************************** > > You can still escape from the GATES of hell: Use KDE! > > ------------------------------------------------------------------------- > ------------------------------------------------------------------------- Uwe Thiem Tel: +264 - 061 - 244511 P.O.Box 30955 Fax: +264 - 061 - 244511 Windhoek Email: uwe@uwix.alt.na Republic of Namibia uwe@kde.org http://www.kde.org ********************************** You can still escape from the GATES of hell: Use KDE! -------------------------------------------------------------------------