cons.saver exploit and /dev/vcsa* owner
[ Note: cons.saver is a console saving proggie provided by mc ]
A cons.saver exploit has been recently posted to bugtraq. It's bad, because
cons.saver is setuid root.
However cons.saver.c says:
/* This code does _not_ need to be setuid root. However, it needs
read/write access to /dev/vcsa* (which is priviledged
operation). You should create user vcsa, make cons.saver setuid
user vcsa, and make all vcsa's owned by user vcsa.
Seeing other peoples consoles is bad thing, but believe me, full
root is even worse. */
The question is: is there any reason that owner of /dev/vcsa* shouldn't be
changed to 'vcsa' and then cons.saver (and probably some other programs as
well) shouldn't be setuid vcsa?
regards
Marcin
--
+--------------------------------+ The reason we come up with new versions
|Marcin Owsiany | is not to fix bugs. It's the stupidest
|porridge@pandora.info.bielsko.pl| reason to buy a new version
+--------------------------------+ I ever heard. - Bill Gates
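
The ownership scheme proposed in the cons.saver.c comment quoted in the message above can be checked with a short audit script. This is an added example, not part of the original post or of mc. It assumes GNU stat, an account named vcsa as in the comment, a caller-supplied path to cons.saver, and (an added assumption) that group and other should have no access to the devices.

```shell
#!/bin/sh
# Added example, not from mc. Assumes GNU stat and an account named "vcsa".

# check_helper FILE USER
# The helper must be setuid to the dedicated USER, never to root.
check_helper() {
    [ -f "$1" ] || { echo "missing"; return 2; }
    owner=$(stat -c '%U' "$1")
    if [ ! -u "$1" ]; then
        echo "not-setuid"; return 1
    elif [ "$owner" = "$2" ]; then
        echo "ok"; return 0
    elif [ "$owner" = "root" ]; then
        echo "setuid-root"; return 1
    fi
    echo "wrong-owner:$owner"; return 1
}

# check_device FILE USER
# The device must belong to USER. Requiring no group/other access is an
# assumption added here so that only the setuid helper can reach it.
check_device() {
    [ -e "$1" ] || { echo "missing"; return 2; }
    owner=$(stat -c '%U' "$1")
    mode=$(stat -c '%a' "$1")
    if [ "$owner" != "$2" ]; then
        echo "wrong-owner:$owner"; return 1
    fi
    case $mode in
        0|*00) echo "ok"; return 0 ;;
    esac
    echo "group-or-other-access:$mode"; return 1
}

# Usage: sh audit.sh /path/to/cons.saver   (path supplied by the caller)
if [ "$#" -gt 0 ]; then
    echo "$1: $(check_helper "$1" vcsa)"
    for dev in /dev/vcsa*; do
        echo "$dev: $(check_device "$dev" vcsa)"
    done
fi
```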