[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-kernel
Subject:    Disabling VT switching as non-root in 2.4.25
From:       Rokob Tibor Andras <rokoba () elte ! hu>
Date:       2004-03-31 22:31:20
Message-ID: 20040331223119.GA6825 () elte ! hu
[Download RAW message or body]

Hi,

Trying the 'vlock' software (virtual console locking tool,
http://freshmeat.net/projects/vlock), and looking at
drivers/char/vt.c in kernel 2.4.25 I found the following:

There are two ioctls (VT_LOCKSWITCH,VT_UNLOCKSWITCH) which
are intended to lock and unlock the changing of virtual
consoles. According to the kernel code they are available to the
super-user only. However, by doing a VT_SETMODE ioctl to VT_PROCESS, 
and denying to release the VT by giving 0 to VT_RELDISP, it is possible
to disable VT switching as non-root ('vlock' is a working example
which is able to do this).

I mean this is not only an inconsistency among the permissions needed by
different system calls, but a small 'security hole' (a user who has
access to the console may completely lock it, and it can only be
unlocked by logging in as root from the network (if there is any) and
killing the user's process).

The problem affects the 2.4.x kernel series including the last
released 2.4.25 and according to its ChangeLog also 2.4.26-rc1.
(It seems to me by a quick look that drivers/char/vt_ioctl.c in 2.6.3 
behaves the same; I didn't check against 2.2.x and 2.0.x series).

Regards,
Andras Rokob
rokoba@elte.hu

My PGP public key is available from bolyai.elte.hu.

["signature.asc" (application/pgp-signature)]
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[prev in list] [next in list] [prev in thread] [next in thread]