oss-sec mailing list archives
Re: virtual consoles
From: Solar Designer <solar () openwall com>
Date: Mon, 2 Dec 2019 18:28:12 +0100
On Mon, Dec 02, 2019 at 08:56:38AM -0800, Tavis Ormandy wrote:
> Regardless of your position, this is certainly possible on desktop Linux too, unprivileged users can start a new X server and switch virtual console, even over ssh. e.g.
>
> $ dbus-send --system --print-reply --dest=org.freedesktop.login1 /org/freedesktop/login1/seat/seat0 org.freedesktop.login1.Seat.SwitchTo uint32:2
>
> (note: object paths may vary by distro, change the 2 to a different number if you're already on VT2, or seat0 if you're on a different seat)

If this in fact works over SSH and from a user account different than the one logged in on the currently active virtual console, then I'd say it's a vulnerability on its own, regardless of the social engineering aspects you mention. Why does this functionality even exist?

> Should this have some policykit action requirement, or require physical presence? I don't know the answer.

Maybe simply drop the misfeature?

Alexander
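Added example, not part of the original message and not systemd code: one way to express the "physical presence" requirement raised in this message as a check over the properties printed by `loginctl show-session`. The policy, the function names and the sample sessions are assumptions constructed for illustration.

```python
# Constructed `loginctl show-session <id>` output for three sessions:
# a local graphical login, an SSH login, and a background local tty login.
SAMPLE_SESSIONS = {
    "2": "Id=2\nName=alice\nSeat=seat0\nVTNr=2\nType=x11\nRemote=no\n"
         "Active=yes\nState=active\n",
    "7": "Id=7\nName=bob\nSeat=\nVTNr=0\nType=tty\nRemote=yes\n"
         "RemoteHost=192.0.2.10\nService=sshd\nActive=yes\nState=active\n",
    "9": "Id=9\nName=carol\nSeat=seat0\nVTNr=3\nType=tty\nRemote=no\n"
         "Active=no\nState=online\n",
}


def parse_props(text):
    """Parse KEY=VALUE lines into a dict; lines without '=' are ignored."""
    props = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def review(sessions, seat="seat0"):
    """Return {session_id: (allowed, reason)} under a hypothetical policy:
    only a local session that is in the foreground on `seat` may switch VTs.
    Missing properties fail closed (treated as not allowed)."""
    result = {}
    for sid, text in sessions.items():
        p = parse_props(text)
        if p.get("Remote") != "no":
            host = p.get("RemoteHost")
            reason = "remote session" + (f" from {host}" if host else "")
            allowed = False
        elif p.get("Seat") != seat:
            reason, allowed = f"not attached to {seat}", False
        elif p.get("Active") != "yes":
            reason, allowed = "session not in foreground", False
        else:
            reason, allowed = "local active session on seat", True
        result[sid] = (allowed, reason)
    return result


if __name__ == "__main__":
    for sid, (allowed, reason) in sorted(review(SAMPLE_SESSIONS).items()):
        print(f"session {sid}: {'allow' if allowed else 'deny'} ({reason})")
```

In the sample, the SSH session reports `Active=yes` while having no seat, so the check tests `Remote` and `Seat` before `Active`.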