[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

cons.saver exploit and /dev/vcsa* owner

[ Note: cons.saver is a console saving proggie provided by mc ]

A cons.saver exploit has been recently posted to bugtraq. It's bad, because
cons.saver is setuid root.

However cons.saver.c says:

/* This code does _not_ need to be setuid root. However, it needs
   read/write access to /dev/vcsa* (which is priviledged
   operation). You should create user vcsa, make cons.saver setuid
   user vcsa, and make all vcsa's owned by user vcsa.

   Seeing other peoples consoles is bad thing, but believe me, full
   root is even worse. */

The question is: is there any reason that owner of /dev/vcsa* shouldn't be
changed to 'vcsa' and then cons.saver (and probably some other programs as
well) shouldn't be setuid vcsa?



+--------------------------------+ The reason we come up with new versions
|Marcin Owsiany                  | is not to fix bugs. It's the stupidest
|porridge@pandora.info.bielsko.pl| reason to buy a new version
+--------------------------------+ I ever heard.            - Bill Gates

Reply to: