PATCH: drivers/char/vt.c allows virtually locking up nonnetworked machine

Rudolf Polzer (rpolzer@durchnull.de)
Sat, 30 Jun 2001 23:10:40 +0200


There is a problem concerning chvt. A normal user can run a

bash$ while [ 1 ]; do chvt 11; done

which cannot be killed using the console (only remotely, virtually never
on a nonnetworked multiuser machine). So I changed the kernel source code
so that only the superuser may change terminals.

Since renaming/deleting chvt is no solution (chvt is a simple ioctl call),
it seems to be the simplest way to prevent this. Console switching
using Ctrl-Alt-Fkey still works, as well as X, so probably there are
no implications in most cases.

But, since this may be too restrictive for some applications, I would
recommend making this a configuration option. Unfortunately I do not
know how to do this :(

--- drivers/char/vt.c.orig Mon Jun 25 09:00:28 2001
+++ drivers/char/vt.c Sat Jun 30 23:02:56 2001
@@ -435,10 +435,16 @@

/*
* To have permissions to do most of the vt ioctls, we either have
- * to be the owner of the tty, or super-user.
+ * to be the owner of the tty, or super-user. Only the superuser
+ * if you want added security.
+ */
+
+ /*
+ * disable a security hole, therefore the first check is commented
+ * out!
*/
perm = 0;
- if (current->tty == tty || suser())
+ if (/* current->tty == tty || */ suser())
perm = 1;

kbd = kbd_table + console;
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/