oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: virtual consoles

From: Solar Designer <solar () openwall com>
Date: Mon, 2 Dec 2019 18:28:12 +0100
On Mon, Dec 02, 2019 at 08:56:38AM -0800, Tavis Ormandy wrote:

Regardless of your position, this is certainly possible on desktop Linux
too, unprivileged users can start a new X server and switch virtual
console, even over ssh.

e.g.

$ dbus-send --system --print-reply --dest=org.freedesktop.login1 /org/freedesktop/login1/seat/seat0 
org.freedesktop.login1.Seat.SwitchTo uint32:2

(note: object paths may vary by distro, change the 2 to a different
number if you're already on VT2, or seat0 if you're on a different seat)


If this in fact works over SSH and from a user account different than
the one logged in on the currently active virtual console, then I'd say
it's a vulnerability on its own, regardless of the social engineering
aspects you mention.

Why does this functionality even exist?


Should this have some policykit action requirement, or require physical
presence? I don't know the answer.


Maybe simply drop the misfeature?

Alexander
Previous By Date Next
Previous By Thread Next

Current thread: