
cons.saver exploit and /dev/vcsa* owner



[ Note: cons.saver is a console saving proggie provided by mc ]

A cons.saver exploit has been recently posted to bugtraq. It's bad, because
cons.saver is setuid root.

However cons.saver.c says:

/* This code does _not_ need to be setuid root. However, it needs
   read/write access to /dev/vcsa* (which is priviledged
   operation). You should create user vcsa, make cons.saver setuid
   user vcsa, and make all vcsa's owned by user vcsa.

   Seeing other peoples consoles is bad thing, but believe me, full
   root is even worse. */

The question is: is there any reason that the owner of /dev/vcsa* shouldn't be
changed to 'vcsa' and then cons.saver (and probably some other programs as
well) shouldn't be setuid vcsa?

regards

Marcin

-- 
+--------------------------------+ The reason we come up with new versions
|Marcin Owsiany                  | is not to fix bugs. It's the stupidest
|porridge@pandora.info.bielsko.pl| reason to buy a new version
+--------------------------------+ I ever heard.            - Bill Gates
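
The layout the cons.saver.c comment describes (helper setuid to a dedicated user, /dev/vcsa* owned by that user) can be checked with a small audit script. This is an added example, not part of the original message or of mc; the function names are hypothetical, the helper path is a placeholder, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: audit the layout suggested in the cons.saver.c comment.
# Function names are hypothetical; assumes GNU stat (Linux).

# owner_uid FILE: print the numeric owner of FILE
owner_uid() { stat -c '%u' -- "$1"; }

# helper_ok FILE UID: FILE is setuid, owned by UID, and UID is not root
helper_ok() {
    [ "$2" -ne 0 ] || return 1          # setuid root is what the layout avoids
    [ -u "$1" ] || return 1             # setuid bit must be set
    [ "$(owner_uid "$1")" -eq "$2" ]
}

# node_ok FILE UID: FILE is owned by UID and grants nothing to "other"
node_ok() {
    local mode
    mode=$(stat -c '%a' -- "$1") || return 1
    [ "$(owner_uid "$1")" -eq "$2" ] && [ $(( 0$mode & 7 )) -eq 0 ]
}

# audit HELPER UID NODE...: report each problem, return the problem count
audit() {
    local helper="$1" uid="$2" bad=0 n
    shift 2
    helper_ok "$helper" "$uid" || { echo "FAIL helper: $helper"; bad=$((bad + 1)); }
    for n in "$@"; do
        node_ok "$n" "$uid" || { echo "FAIL node: $n"; bad=$((bad + 1)); }
    done
    return "$bad"
}

# Usage (helper path is a placeholder):
#   sh audit.sh /path/to/cons.saver "$(id -u vcsa)" /dev/vcsa*
if [ "$#" -ge 3 ]; then audit "$@"; fi
```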


