oss-sec mailing list archives
Re: virtual consoles
From: Simon McVittie <smcv () debian org>
Date: Tue, 3 Dec 2019 12:34:14 +0000
On Mon, 02 Dec 2019 at 08:56:38 -0800, Tavis Ormandy wrote:
> unprivileged users can start a new X server and switch virtual console, even over ssh. e.g.
>
> $ dbus-send --system --print-reply --dest=org.freedesktop.login1 /org/freedesktop/login1/seat/seat0 org.freedesktop.login1.Seat.SwitchTo uint32:2
If a uid who is not already the owner of the current VT on the seat can do this, then that's probably a bug? If you think so, please report it to the maintainers of logind (which is the component that would have to change to address this).

I would have expected this to be gated by a check that the uid of the caller (the D-Bus client, in this case the dbus-send process) matches the uid of the current VT on that seat (so you can voluntarily switch away from your own session, but other users can't force you to), or a polkit check that the caller is root-equivalent, or some combination of those.

In particular, checking that the uid matches the VT's owner's uid would be enough to let unprivileged X and Wayland servers implement the expected "switch to other VT" handling for Ctrl+Alt+F1..Ctrl+Alt+F12.

smcv
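The gate described in the message above, modelled as an added example (not part of the original post and not logind's code). The struct, enum and function names are hypothetical, the polkit query is replaced by a stub that treats only uid 0 as root-equivalent, and the uids are constructed sample data.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>

/* Hypothetical model of a seat; these are not logind's own structures. */
struct seat_model {
    bool  vt_has_owner;   /* false when the foreground VT has no session owner */
    uid_t vt_owner_uid;   /* uid owning the session on the foreground VT */
};

enum decision { DENY, ALLOW_OWNER, ALLOW_POLKIT };

/* Stand-in for a polkit query (assumption): only uid 0 is root-equivalent. */
static bool polkit_root_equivalent(uid_t caller) { return caller == 0; }

/* The suggested gate: caller uid must match the VT owner, else ask polkit. */
enum decision authorize_switch_to(const struct seat_model *seat, uid_t caller)
{
    if (seat->vt_has_owner && seat->vt_owner_uid == caller)
        return ALLOW_OWNER;            /* voluntarily leaving your own session */
    if (polkit_root_equivalent(caller))
        return ALLOW_POLKIT;           /* root-equivalent caller */
    return DENY;                       /* another user cannot force a switch */
}

int main(void)
{
    /* Constructed sample data: uid 1000 owns the foreground VT on the seat. */
    struct seat_model owned = { true, 1000 };
    struct seat_model unowned = { false, 0 };
    static const char *names[] = { "deny", "allow (owner)", "allow (polkit)" };

    printf("owner uid 1000:       %s\n", names[authorize_switch_to(&owned, 1000)]);
    printf("other uid 1001:       %s\n", names[authorize_switch_to(&owned, 1001)]);
    printf("root:                 %s\n", names[authorize_switch_to(&owned, 0)]);
    printf("uid 1000, unowned VT: %s\n", names[authorize_switch_to(&unowned, 1000)]);
    return 0;
}
```

Because the comparison is on uid rather than on session, a caller with the VT owner's uid takes the owner branch even when connected over ssh, while any other unprivileged uid is denied.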