Re: pam_console for debian
On Fri, Jul 26, 2002 at 02:00:14PM +0200, Russell Coker wrote:
> From what the device driver sees it'll be the same as if the application had
> been kill -STOP'd up until the time the application decides to close the file
> handle or gets killed (in which case the regular kernel operations for
> closing the file handle take place).
>
> There may be some device drivers which can't handle an application dieing in
> the middle of an operation, such hypothetical drivers are just buggy and the
> bugs can and will be triggered on non-SE systems as well.
I suspect there are some kernel drivers that only implement the low
level interface, and it is up the the application to do the high level
interface. Examples of this seem to be X (not that that matters here),
and digital cameras. When I plug my USB camera in, I don't see any
kernel driver for it... However, I do see a lot of suspicous drivers in
/usr/lib/gphoto2/2.0/*.so
Ideally, the kernel driver should be able to clean up anyway, and maybe
it is possible with USB(?). If you look at standard serial ports though,
there is no standard way that will always work where the kernel can
cancel the current operation without knowing the higher level protocol
being used.
> Besides, if you are in the middle of using your camera why would you want to
> logout?
Possible attack from mallicious user. Login. Run Screen. Type in
while true; do gphoto2 --get-all-images; done
detach screeen and logout. Wait for next user to login...
Of course this is just an ordinary Denial of Service attack, and a much
more obvious Denial of Service attack would be just to take the camera
;-).
--
Brian May <bam@debian.org>
--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: