Date:      Tue, 10 Dec 1996 13:38:52 +0100 (MET)
From:      Robert Eckardt <roberte@mep.ruhr-uni-bochum.de>
To:        kuku@gilberto.physik.RWTH-Aachen.DE
Cc:        dwhite@resnet.uoregon.edu, kuku@gilberto.physik.RWTH-Aachen.DE, freebsd-questions@freefall.freebsd.org
Subject:   Re: xconsole - /dev/console
Message-ID:  <199612101238.NAA06444@ghost.mep.ruhr-uni-bochum.de>
In-Reply-To: <199612100811.JAA13923@gilberto.physik.rwth-aachen.de> from Christoph Kukulies at "10. Dec. 96  9:11:21"

> > On Mon, 9 Dec 1996, Christoph Kukulies wrote:
> > 
> > > Is there a way to allow a normal user to use xconsole or would
> > > opening /dev/console to the world compromise security?
> > 
> > ?  People have to run startx or log into a xdm-controlled terminal, so
> > they're authenticated.
> 
> It's not that I want to inhibit users seeing the console
> messages, it was just the point if changing /dev/console's permissions
> could compromise security anyhow.
> I've seen /dev/console having crw--w--w- on a Linux system.

This is usually done by the Give/TakeConsole scripts of xdm.
TakeConsole:
  chmod 622 /dev/console            <<<---------
  chown root /dev/console
GiveConsole:
  # By convention, both xconsole and xterm -C check that the
  # console is owned by the invoking user and is readable before attaching
  # the console output.  This way a random user can invoke xterm -C without
  # causing serious grief.
  #
  chown $USER /dev/console

This way only the user at the console logging in via xdm can use
/dev/console, but all can _send_messages_ there. Thus, console isn't
opened to "the world" this way.
I don't know whether this has serious implications on security (like world
readable disk devices :-)

Robert

> --Chris Christoph P. U. Kukulies kuku@gil.physik.rwth-aachen.de

-- 
Robert Eckardt                \\ FreeBSD -- solutions for a large universe.(tm)
RobertE@MEP.Ruhr-Uni-Bochum.de \\       What do you want to boot tomorrow ?(tm)
http://WWW.MEP.Ruhr-Uni-Bochum.de/~roberte
For PGP-key finger roberte@gluon.MEP.Ruhr-Uni-Bochum.de
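
Added example, not part of the original message and not taken from xconsole or xterm source: a C check for the convention the GiveConsole comment describes (console owned by the invoking user and readable by that owner), which also reports whether the node is world-readable or world-writable. The names console_check and demo_report are hypothetical, and the scratch file under /tmp is constructed input standing in for the device.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum { CONSOLE_ERROR = -1, CONSOLE_ATTACH_OK, CONSOLE_NOT_OWNER, CONSOLE_NOT_READABLE };

struct console_report {
    int verdict;         /* one of the CONSOLE_* values */
    int world_readable;  /* S_IROTH set: any user can read console output */
    int world_writable;  /* S_IWOTH set: any user can send messages, as with 622 */
};

/* Hypothetical helper: may `uid` attach to the console output at `path`? */
struct console_report console_check(const char *path, uid_t uid)
{
    struct console_report r = { CONSOLE_ERROR, 0, 0 };
    struct stat st;
    if (stat(path, &st) != 0) return r;
    r.world_readable = (st.st_mode & S_IROTH) != 0;
    r.world_writable = (st.st_mode & S_IWOTH) != 0;
    r.verdict = st.st_uid != uid ? CONSOLE_NOT_OWNER
              : !(st.st_mode & S_IRUSR) ? CONSOLE_NOT_READABLE : CONSOLE_ATTACH_OK;
    return r;
}

/* Constructed input: a scratch file given `mode`, standing in for the device. */
struct console_report demo_report(mode_t mode, uid_t uid)
{
    char path[] = "/tmp/console-demo-XXXXXX";
    struct console_report r = { CONSOLE_ERROR, 0, 0 };
    int fd = mkstemp(path);
    if (fd < 0) return r;
    if (fchmod(fd, mode) == 0)
        r = console_check(path, uid);
    close(fd);
    unlink(path);
    return r;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/dev/console";
    struct console_report r = console_check(path, getuid());
    printf("%s: verdict=%d world_readable=%d world_writable=%d\n", path, r.verdict, r.world_readable, r.world_writable);
    return r.verdict == CONSOLE_ATTACH_OK ? 0 : 1;
}
```

With mode 622 and ownership handed over by GiveConsole, the owner gets CONSOLE_ATTACH_OK while world_readable stays 0 and world_writable is 1, which is the state the message describes.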


