
Re: cons.saver exploit and /dev/vcsa* owner



On 13 Nov 2000, at 23:50, Marcin Owsiany wrote:

> 
> However cons.saver.c says:
> 
> /* This code does _not_ need to be setuid root. However, it needs
>    read/write access to /dev/vcsa* (which is priviledged 
>  [...]
> The question is: is there any reason that owner of /dev/vcsa* shouldn't be
> changed to 'vcsa' and then cons.saver (and probably some other programs as
> well) shouldn't be setuid vcsa?

Maybe the login program should change ownership of the /dev/vcs* and 
/dev/vcsa* devices to the user who is logged in on the console.
Then there would be no need to set the suid/sgid bit on cons.saver.

Regards,

Robert


