Re: tty: add 'active' sysfs attribute to tty0 and console device
From: Lennart Poettering
Date: Tue Nov 16 2010 - 17:58:58 EST
On Tue, 16.11.10 22:51, Alan Cox (alan@xxxxxxxxxxxxxxxxxxx) wrote:
>
> On Tue, 16 Nov 2010 22:42:50 +0100
> Lennart Poettering <mzxreary@xxxxxxxxxxx> wrote:
>
> > On Tue, 16.11.10 20:49, Alan Cox (alan@xxxxxxxxxxxxxxxxxxx) wrote:
> >
> > > /dev/tty* and sysfs nodes don't track permissions, owner with each other,
> > > so you are providing interfaces that either expose information they
> > > shouldn't (which screen is valuable info in some environments), or don't
> > > expose info they should.
> >
> > Well, I find the informatoin who is logged in much more valuable then
> > the information whether I am active or not.
>
> Well thats fine for your machine, what about the rest of us ?
I think most people (except maybe you) find it more security relevant if
it is leaked who's logged in and on which tty then it is to know whether
that's the active session or not.
And as long as we have no problem with letting everybody know who is
logged in, and on which tty we shouldn't waste brain cells on discussing
whether it is a problem if they also find out whether that login is
currently active or not.
Also, sysfs supports perms just fine. If you don't want people to see
it, then just chmod 600 the sysfs file, and nobody can see it
anymore. That's a trivial thing to do. It's a lot more difficult to hide
who's logged in, since the user who is logged in takes possession of the
tty file which everybody can see and stat(), even if not open().
This is really a pointless discussion. Security is not an issue
here. Which tty is currently active is completely boring information,
and the least we should think about.
Lennart
--
Lennart Poettering - Red Hat, Inc.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/