From owner-freebsd-questions  Tue Dec 10 01:11:50 1996
Return-Path: <owner-questions>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.4/8.8.4) id BAA29492
          for questions-outgoing; Tue, 10 Dec 1996 01:11:50 -0800 (PST)
Received: from Campino.Informatik.RWTH-Aachen.DE (campino.Informatik.RWTH-Aachen.DE [137.226.116.240])
          by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id BAA29476
          for <freebsd-questions@freefall.freebsd.org>; Tue, 10 Dec 1996 01:11:43 -0800 (PST)
Received: from gilberto.physik.rwth-aachen.de (gilberto.physik.rwth-aachen.de [137.226.31.2]) by Campino.Informatik.RWTH-Aachen.DE (RBI-Z-5/8.6.12)
	with ESMTP id KAA02286; Tue, 10 Dec 1996 10:12:48 +0100 (MET)
Received: (from kuku@localhost) by gilberto.physik.rwth-aachen.de (8.8.3/8.6.9) id JAA13923; Tue, 10 Dec 1996 09:11:37 +0100 (MET)
From: Christoph Kukulies <kuku@gilberto.physik.rwth-aachen.de>
Message-Id: <199612100811.JAA13923@gilberto.physik.rwth-aachen.de>
Subject: Re: xconsole - /dev/console
In-Reply-To: <Pine.BSI.3.94.961209161556.1382X-100000@gdi.uoregon.edu> from Doug White at "Dec 9, 96 04:17:22 pm"
To: dwhite@resnet.uoregon.edu
Date: Tue, 10 Dec 1996 09:11:37 +0100 (MET)
Cc: kuku@gilberto.physik.rwth-aachen.de,
        freebsd-questions@freefall.freebsd.org
Reply-To: Christoph Kukulies <kuku@gilberto.physik.rwth-aachen.de>
X-Mailer: ELM [version 2.4ME+ PL28 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-questions@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

> On Mon, 9 Dec 1996, Christoph Kukulies wrote:
> 
> > Is there a way to allow a normal user to use xconsole or would
> > opening /dev/console to the world compromise security?
> 
> ?  People have to run startx or log into a xdm-controlled terminal, so
> they're authenticated.

It's not that I want to inhibit users seeing the console
messages, it was just the point if changing /dev/console's permissions
could compromise security anyhow.
I've seen /dev/console having crw--w--w- on a Linux system.

> 
> The console is inherently insecure as the three finger salute works from
> there.  They also probably have access to the power switch, so being
> really picky about console security isn't very worthwhile unless the
> machine is locked in a safe.
> 
> Doug White                              | University of Oregon  
> Internet:  dwhite@resnet.uoregon.edu    | Residence Networking Assistant
> http://gladstone.uoregon.edu/~dwhite    | Computer Science Major
> 
> 

--Chris Christoph P. U. Kukulies kuku@gil.physik.rwth-aachen.de