Re: owner for /dev/vcsa*

To: debian-security@lists.debian.org
Subject: Re: owner for /dev/vcsa*
From: Frank Dietrich <ABLEsoft@gmx.de>
Date: Thu, 28 Oct 2004 23:00:38 +0200
Message-id: <[🔎] 20041028230038.2b71e617@travel.earth>
In-reply-to: <[🔎] 1098960927.10767.2.camel@atmosphere>
References: <[🔎] 41809243.6050207@gmx.de> <[🔎] 1098960927.10767.2.camel@atmosphere>

Hi Matthias,

Matthias Kestenholz <lists@irregular.ch> wrote:
> On Thu, 2004-10-28 at 08:31 +0200, Frank Dietrich wrote:
> > can I get into some failures when I change the owner for all
> > /dev/vcsa devices to an other user the root, e.g. vcsa?
> > 
> > Background: The /usr/lib/mc/cons.saver needs read support for this
> > device. I will change owner for this file to vcsa and setuid it.
> 
> Another (imho simpler and safer) approach would be to change the
> group of /dev/vcsa f.e. to "vcsa" (if this group does not exist yet
> you can create it) and give the group read access to these files. 

I played around and found that my and your solution not acceptable.

home:~/ > su
home:~/ > addgroup vcsa
home:~/ > chown root.vcsa /dev/vcsa?
home:~/ > chmod g+r+w /dev/vcsa?
home:~/ > adduser frank vcsa
home:~/ > adduser test vcsa

e.g.
- frank login on console 2 and user test on console 3
- user test can see what on console 2
  cat /dev/vcsa2 > screendump

And when I change the owner from cons.saver to vcsa and setuid it,
it's not so simple to look an someone other's console. But's also not
realy safe.

Is there any way to set the owner for the /dev/vcsa? to the
logged user? Like the rights on /dev/tty?

Frank

Reply to:

References:
- owner for /dev/vcsa*
  - From: Frank Dietrich <ABLEsoft@gmx.de>
- Re: owner for /dev/vcsa*
  - From: Matthias Kestenholz <lists@irregular.ch>

Prev by Date: Re: forming a security team for testing
Next by Date: Re: forming a security team for testing
Previous by thread: Re: owner for /dev/vcsa*
Next by thread: Re: [SECURITY] [DSA 575-1] New catdoc packages fix temporary file vulnerability
Index(es):
- Date
- Thread