On Sat, Jun 30, 2001 at 11:10:40PM +0200, Rudolf Polzer wrote:
> There is a problem concerning chvt. A normal user can run a
>
> bash$ while [ 1 ]; do chvt 11; done
>
> which cannot be killed using the console (only remotely, virtually never
> on a nonnetworked multiuser machine). So I changed the kernel source code
> so that only the superuser may change terminals.
The person at the console on a nonnetworked machine
can make life difficult for himself in a great variety of ways.
(E.g., try running
#include <signal.h>
main(){int i;for(i=1; i<32; i++)signal(i,SIG_IGN); while(1);}
on all VTs.)
It would not increase security when root privileges were needed
in all such cases.
Andries
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sat Jun 30 2001 - 21:00:24 EST