Bugtraq mailing list archives
Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x
From: johnsonm () REDHAT COM (Michael K. Johnson)
Date: Wed, 25 Aug 1999 12:33:57 -0400
Michal Zalewski writes:
-------- vlock -a --------

Compromise: locally, unlocking VCs switching under certain conditions

When 'vlock -a' is called, console switching is completely disabled using ioctl() call on /dev/ttyX device. Under certain conditions, this protection can be fooled. Let's imagine the following situation: user X is logged on tty6 - oh, abandoned session ;) while root is playing on other consoles. After some time, he/she issued 'vlock -a' and went somewhere. But, if user X is still logged on any console, and he's able to login once more, remotely, he could open /dev/tty6 (in our example, as it's owned by him), then... use ioctl() (as it's not restricted to superusers!!!) to enable console switching.
This is not a bug in vlock; what's more, it's not a bug. To change this behaviour in the way Michal wants would require that all console-switching activity be controlled only by root. This would have a detrimental effect on security, because it would increase the number of setuid applications on the system.

So this is not a kernel bug, and since the behaviour Michal wants would have to be enforced in the kernel and vlock is not capable of changing it, it is not a vlock bug either.

michaelkjohnson

"Magazines all too frequently lead to books and should be regarded by the prudent as the heavy petting of literature." -- Fran Lebowitz
Linux Application Development http://people.redhat.com/johnsonm/lad/