Bug#334113: [Secure-testing-team] Re: kernel allows loadkeys to be used by any user, allowing for local root compromise

To: Anthony DeRobertis <anthony@derobert.net>
Cc: unlisted-recipients: ;(no To-header on input), Horms <horms@verge.net.au>, security@kernel.org, team@security.debian.org, 334113@bugs.debian.org, linux-kernel@vger.kernel.org, Rudolf Polzer <debian-ne@durchnull.de>, Alastair McKinstry <mckinstry@debian.org>, secure-testing-team@lists.alioth.debian.org
Subject: Bug#334113: [Secure-testing-team] Re: kernel allows loadkeys to be used by any user, allowing for local root compromise
From: Krzysztof Halasa <khc@pm.waw.pl>
Date: Wed, 19 Oct 2005 13:00:45 +0200
Message-id: <m3slux22le.fsf@defiant.localdomain>
Reply-to: Krzysztof Halasa <khc@pm.waw.pl>, 334113@bugs.debian.org
In-reply-to: <4355C812.80103@derobert.net> (Anthony DeRobertis's message of "Wed, 19 Oct 2005 00:14:10 -0400")
References: <E1EQofT-0001WP-00@master.debian.org> <20051018044146.GF23462@verge.net.au> <m37jcakhsm.fsf@defiant.localdomain> <4355C812.80103@derobert.net>

Anthony DeRobertis <anthony@derobert.net> writes:

> Well, you can configure a single vty to only allow logins from admins.
> Then you avoid the fake login problem, but not the loadkeys problem
> (since that affects all vtys)

Just a guess... Can you use loadkeys to change keys used for switching VTs?
I would investigate switchvt (or how is it named) too.
-- 
Krzysztof Halasa

Reply to:

Prev by Date: Processed: Re: Bug#334348: kernel-kbuild-2.6-3: Warning for mismatched gcc versions suggested
Next by Date: Processed: Re: Bug#333522: possible problem cause: wait4(-1)
Previous by thread: Processed: Re: Bug#334348: kernel-kbuild-2.6-3: Warning for mismatched gcc versions suggested
Next by thread: Processed: Re: Bug#333522: possible problem cause: wait4(-1)
Index(es):
- Date
- Thread