DragonFly bugs List (threaded) for 2004-06
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]

Re: kbdcontrol -l affects all vty's, not just the current one

From:	"nntp.dragonflybsd.org" <memmerto@xxxxxxxxx>
Date:	Mon, 21 Jun 2004 00:04:07 -0400

"Chris Pressey" <cpressey@xxxxxxxxxxxxxxx> wrote in message
news:20040620173840.656ff23e.cpressey@xxxxxxxxxxxxxxxxxx
> While testing Tim Wickberg's kbdmap submission I found an interesting
> bug in syscons.  Keyboard mappings are global to syscons rather than
> per-vty.  I've tried it on FreeBSD 4.9 and it has the same behaviour, so
> it's something we've inherited.  To reproduce it, try this:
>
> - login in one vty as an unprivledged user
> - kbdcontrol -l a_different_keymap_file_from_what_you_usually_use
> - switch to another vty
> - login as root
> - type something.
>
> It's not so much a serious security hole as it's just offensive to UNIX
> sensibilities of how an unprivledged user is not supposed to be able to
> change the properties of something they don't own :-/

Agreed.

> (Simon 'corecode' Schubert pointed out that, even if the kbdmap was
> per-vty, nothing would stop an unprivledged user from loading a keyboard
> map of all NUL's, which would disable further logins and/or switching to
> another vty.  So I'm not really sure what can be done about it...)

1) Make keyboard maps per-vty.
2) Make root the only user able to change keyboard maps on vtys.

If both of these changes are implemented, then only root users can shoot
themselves in the foot with an all-NULL keyboard map.

--
Matt Emmerton

Follow-Ups:
- Re: kbdcontrol -l affects all vty's, not just the current one
  - From: Simon 'corecode' Schubert

References:
- kbdcontrol -l affects all vty's, not just the current one
  - From: Chris Pressey

[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]