Date: Tue, 14 Oct 2008 08:05:20 +1100 From: Edwin Groothuis <edwin@mavetju.org> To: Jeremy Chadwick <koitsu@FreeBSD.org> Cc: "Carlos A. M. dos Santos" <unixmania@gmail.com>, freebsd-stable@freebsd.org, Jeff Blank <jb000002@mr-happy.com> Subject: Re: can't see non-root writes to /dev/console Message-ID: <20081013210520.GA71471@mavetju.org> In-Reply-To: <20081013052353.GA10013@icarus.home.lan> References: <20080910203445.GA8561@mr-happy.com> <e71790db0809101854k1b9d75dck2efb3fee8ee67826@mail.gmail.com> <e71790db0810122216n54593f5dn577b148496e1e2ee@mail.gmail.com> <20081013052353.GA10013@icarus.home.lan>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Oct 12, 2008 at 10:23:53PM -0700, Jeremy Chadwick wrote: > > The ioctl call fails (EPERM) because only superuser can use TIOCCONS, > > regardless the ownership of the device. Using xterm with the "-C" > > argument works because xterm is installed with the setuid flag bit on. > > So the solution is "chmod +us xconsole". > > Can someone security audit this program before blindly setuid-root'ing > it? Isn't xconsole not just the same values as /var/log/messages ? So information-leaking-wise it isn't a huge deal. Only the program itself is now the unknown. Edwin -- Edwin Groothuis Website: http://www.mavetju.org/ edwin@mavetju.org Weblog: http://www.mavetju.org/weblog/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20081013210520.GA71471>