Date: Tue, 10 Dec 1996 15:35:12 +0100 (MET)
From: Christoph Kukulies <kuku@gilberto.physik.rwth-aachen.de>
To: roberte@mep.ruhr-uni-bochum.de (Robert Eckardt)
Cc: kuku@gilberto.physik.rwth-aachen.de, dwhite@resnet.uoregon.edu, freebsd-questions@freefall.freebsd.org
Subject: Re: xconsole - /dev/console
Message-ID: <199612101435.PAA15354@gilberto.physik.rwth-aachen.de>
In-Reply-To: <199612101238.NAA06444@ghost.mep.ruhr-uni-bochum.de> from Robert Eckardt at "Dec 10, 96 01:38:52 pm"

> > > On Mon, 9 Dec 1996, Christoph Kukulies wrote:
> > >
> > > > Is there a way to allow a normal user to use xconsole or would
> > > > opening /dev/console to the world compromise security?
> > >
> > > ? People have to run startx or log into a xdm-controlled terminal, so
> > > they're authenticated.
> >
> > It's not that I want to inhibit users seeing the console
> > messages, it was just the point if changing /dev/console's permissions
> > could compromise security anyhow.
> > I've seen /dev/console having crw--w--w- on a Linux system.
>
> This is usually done by the Give/TakeConsole scripts of xdm.
> TakeConsole:
>     chmod 622 /dev/console     <<<---------
>     chown root /dev/console
> GiveConsole:
>     # By convention, both xconsole and xterm -C check that the
>     # console is owned by the invoking user and is readable before attaching
>     # the console output.  This way a random user can invoke xterm -C without
>     # causing serious grief.
>     #
>     chown $USER /dev/console
>
> This way only the user at the console logging in via xdm can use
> /dev/console, but all can _send_messages_ there. Thus, console isn't
> opened to "the world" this way.

This may work for the xdm login mechanism but it doesn't work for
startx. I don't use xdm for various reasons. First off I don't have
a des xdm - I have des passwords but I haven't yet had time to compile
a DES xdm. Secondly, xdm always was prone to memory leaks or was
causing the Xserver to leak memory. I don't know how it is presently
but that's why I'm always afraid using xdm.

> I don't know whether this has serious implications on security (like world
> readable disk devices :-)
>
> Robert
>
> > --Chris Christoph P. U. Kukulies kuku@gil.physik.rwth-aachen.de
>
> --
> Robert Eckardt                  \\ FreeBSD -- solutions for a large universe.(tm)
> RobertE@MEP.Ruhr-Uni-Bochum.de  \\ What do you want to boot tomorrow ?(tm)
> http://WWW.MEP.Ruhr-Uni-Bochum.de/~roberte
> For PGP-key finger roberte@gluon.MEP.Ruhr-Uni-Bochum.de
>

--Chris Christoph P. U. Kukulies kuku@gil.physik.rwth-aachen.de
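
The ownership-and-readability convention and the 622 mode discussed in this message can be checked mechanically. The script below is an added example, not part of the thread or of xdm: the function names console_access and check_console are hypothetical, the uid 1001 is constructed, and the `ls -ln` column order (permissions, links, uid) is assumed.

```shell
#!/bin/sh
# Added example. Reads an ls-style permission string such as the
# "crw--w--w-" quoted in the thread (the result of chmod 622).

# console_access PERM OWNER_UID USER_UID
#   PERM    first column of `ls -ln`, e.g. crw--w--w-
#   prints  attach=<yes|no> world_read=<yes|no> world_write=<yes|no>
console_access() {
    perm=$1 owner=$2 uid=$3
    owner_read=no world_read=no world_write=no attach=no

    case $perm in ?r*)        owner_read=yes ;; esac   # char 2: owner r
    case $perm in ???????r*)  world_read=yes ;; esac   # char 8: other r
    case $perm in ????????w*) world_write=yes ;; esac  # char 9: other w

    # Convention from the GiveConsole comment: attach only when the console
    # is owned by the invoking user and is readable.
    if [ "$owner" = "$uid" ] && [ "$owner_read" = yes ]; then
        attach=yes
    fi
    echo "attach=$attach world_read=$world_read world_write=$world_write"
}

# check_console [DEVICE]: same report for a real device node and the
# current user. Assumes `ls -ln` prints permissions, link count, uid.
check_console() {
    dev=${1:-/dev/console}
    line=$(ls -ln "$dev") || return 1
    set -- $line
    console_access "$1" "$3" "$(id -u)"
}

# Constructed inputs (uid 1001 is a made-up local user):
console_access crw--w--w- 0    1001   # state after TakeConsole
console_access crw--w--w- 1001 1001   # state after GiveConsole for uid 1001
console_access crw-rw-rw- 0    1001   # console readable by everyone
```

Running `check_console` with no argument reports on the live /dev/console for the current user; a `world_read=yes` result is the "opened to the world" case the original question was about.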