Re: VT_PROCESS, VT_LOCKSWITCH capabilities

From: Frank Benkstein
Date: Tue Jul 31 2007 - 23:04:19 EST

Next message: Gabriel C: "[PATCH] [POWERPC] Typo fixes interrrupt -> interrupt"
Previous message: Dave Young: "eurotechwdt will cause reboot"
In reply to: Frank Benkstein: "VT_PROCESS, VT_LOCKSWITCH capabilities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Frank Benkstein wrote:
> I wonder why there are different permissions needed for VT_PROCESS
> (access to the current virtual console) and VT_LOCKSWITCH
> (CAP_SYS_TTY_CONFIG).

To be more direct:

require CAP_SYS_TTY_CONFIG for VT_SETMODE as its essentially the same as
VT_LOCKSWITCH and said capability is already required there

diff --git a/drivers/char/vt_ioctl.c b/drivers/char/vt_ioctl.c
index c6f6f42..7034a68 100644
--- a/drivers/char/vt_ioctl.c
+++ b/drivers/char/vt_ioctl.c
@@ -662,7 +662,7 @@ int vt_ioctl(struct tty_struct *tty, struct file * file,
{
struct vt_mode tmp;

- if (!perm)
+ if (!perm || !capable(CAP_SYS_TTY_CONFIG))
return -EPERM;
if (copy_from_user(&tmp, up, sizeof(struct vt_mode)))
return -EFAULT;

--
GPG (Mail): 7093 7A43 CC40 463A 5564 599B 88F6 D625 BE63 866F
GPG (XMPP): 2243 DBBA F234 7C5A 6D71 3983 9F28 4D03 7110 6D51

Attachment: signature.asc
Description: OpenPGP digital signature

Next message: Gabriel C: "[PATCH] [POWERPC] Typo fixes interrrupt -> interrupt"
Previous message: Dave Young: "eurotechwdt will cause reboot"
In reply to: Frank Benkstein: "VT_PROCESS, VT_LOCKSWITCH capabilities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]