Re: security / kbd

From: Andries Brouwer
Date: Sat Dec 03 2005 - 13:11:22 EST


On Sat, Dec 03, 2005 at 06:19:47PM +0100, Bodo Eggert wrote:

> > But there are many ways of using such a file descriptor.
> > This patch cripples the keymap changing but does not solve anything.
>
> Obviously it solves only a part. OTOH you can't keep an exploit open just
> because there is another exploit.
> Like I said, use chmod u+s loadkeys.

Hmm. There is an obscure security problem. It was fixed in a bad way -
people want to say unicode_start and unicode_stop and find that that
fails today. Ach.

You argue "you can't keep an exploit open" - but as far as I can see
there is no problem that needs solving in kernel space.
For example - today login does a single vhangup() for the login tty.
In case that is a VC it could do a vhangup() for all VCs.
That looks like a better solution.

And "chmod u+s loadkeys" - you can't be serious..
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/