Bug#818118: security-tracker: It's possible for any user to steal root console output
Package: security-tracker
Severity: normal
Dear Maintainer,
*** Reporter, please consider answering these questions, where appropriate ***
* What led up to the situation?
* What exactly did you do (or not do) that was effective (or
ineffective)?
* What was the outcome of this action?
1. Open root console
2. apt-get any framebuffer grabbing utility (e.g. fbgrab)
3. switch to a graphical interface of any other user
4. run "fbgrab /path/whatever.png"
5. Now you've got a root console output, with possibly its secret information
* What outcome did you expect instead?
This may sound ridiculous but I don't want regular users to be able to watch over another user consoles. Especially root console. You know, anyone on the computer can just launch a script that will grab the root console output continiously revealing everything the root was doing.
*** End of the template - remove these template lines ***
This may be hardware-specific, so in this case - I'm using AMD graphics card with "radeon" driver.
-- System Information:
Debian Release: 8.3
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 3.16.0-4-686-pae (SMP w/2 CPU cores)
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Reply to: