Re: Breakage from patch: Only root should be able to set the N_MOUSEline discipline.

From: Linus Torvalds
Date: Tue Mar 01 2005 - 11:18:06 EST

Next message: Folkert van Heusden: "Re: [PATCH] SELinux: null dereference in error path"
Previous message: Gerd Knorr: "Re: Potentially dead bttv cards from 2.6.10"
In reply to: Alan Cox: "Re: Breakage from patch: Only root should be able to set theN_MOUSE line discipline."
Next in thread: Vojtech Pavlik: "Re: Breakage from patch: Only root should be able to set the N_MOUSE line discipline."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 1 Mar 2005, Vojtech Pavlik wrote:
>
> A nonprivileged user could inject mouse movement and/or keystrokes
> (using the sunkbd driver) into the input subsystem, taking over the
> console/X, where another user is logged in.
>
> Simply using a slightly modified inputattach on a PTY will do the trick.

Might an alternative be to just make writes to N_MOUSE require privileges?

Ie "reading is ok, and changing to N_MOUSE is ok, but tryign to write a
mouse packet is not"? The check should be easy enough to add to the
ldisc.write thing?

Linus
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Folkert van Heusden: "Re: [PATCH] SELinux: null dereference in error path"
Previous message: Gerd Knorr: "Re: Potentially dead bttv cards from 2.6.10"
In reply to: Alan Cox: "Re: Breakage from patch: Only root should be able to set theN_MOUSE line discipline."
Next in thread: Vojtech Pavlik: "Re: Breakage from patch: Only root should be able to set the N_MOUSE line discipline."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]