Date: Tue, 14 Oct 2008 08:05:20 +1100
From: Edwin Groothuis
To: Jeremy Chadwick
Cc: "Carlos A. M. dos Santos", freebsd-stable@freebsd.org, Jeff Blank
Subject: Re: can't see non-root writes to /dev/console
Message-ID: <20081013210520.GA71471@mavetju.org>
In-Reply-To: <20081013052353.GA10013@icarus.home.lan>

On Sun, Oct 12, 2008 at 10:23:53PM -0700, Jeremy Chadwick wrote:
> > The ioctl call fails (EPERM) because only superuser can use TIOCCONS,
> > regardless the ownership of the device. Using xterm with the "-C"
> > argument works because xterm is installed with the setuid flag bit on.
> > So the solution is "chmod +us xconsole".
>
> Can someone security audit this program before blindly setuid-root'ing
> it?

Isn't xconsole not just the same values as /var/log/messages?
So information-leaking-wise it isn't a huge deal. Only the program
itself is now the unknown.

Edwin

-- 
Edwin Groothuis      Website: http://www.mavetju.org/
edwin@mavetju.org    Weblog:  http://www.mavetju.org/weblog/