[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: cons.saver exploit and /dev/vcsa* owner

On 13 Nov 2000, at 23:50, Marcin Owsiany wrote:

> However cons.saver.c says:
> /* This code does _not_ need to be setuid root. However, it needs
>    read/write access to /dev/vcsa* (which is priviledged 
>  [...]
> The question is: is there any reason that owner of /dev/vcsa* shouldn't be
> changed to 'vcsa' and then cons.saver (and probably some other programs as
> well) shouldn't be setuid vcsa?

Maybe the login program should change ownership of /dev/vcs* and 
/dev/vcsa* devices to user, who is logged in on the console.
And than would be no need to set  suid/sgid bit on cons.saver.



Reply to: