Date: Wed, 3 Apr 2002 20:20:57 +0300 From: Ruslan Ermilov <ru@FreeBSD.org> To: Terry Lambert <tlambert2@mindspring.com>, Nate Williams <nate@yogotech.com> Cc: current@FreeBSD.org, Dag-Erling Smorgrav <des@ofug.org> Subject: Re: HEADS UP: UCONSOLE option has been phased out Message-ID: <20020403172057.GA66530@sunbay.com> In-Reply-To: <15531.12095.96796.595854@caddis.yogotech.com> <3CAAFA34.BA0056B9@mindspring.com> References: <20020403110238.GA25860@sunbay.com> <15531.8536.63698.443590@caddis.yogotech.com> <xzp8z844u9k.fsf@flood.ping.uio.no> <15531.12095.96796.595854@caddis.yogotech.com> <20020403110238.GA25860@sunbay.com> <3CAAFA34.BA0056B9@mindspring.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--OgqxwSJOaUobr8KG Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Apr 03, 2002 at 04:48:52AM -0800, Terry Lambert wrote: > Ruslan Ermilov wrote: > > Hi! > >=20 > > This is a JFYI that the UCONSOLE kernel option has been phased > > out as insecure. Fix your configs. >=20 > Cool. >=20 > I guess you will be making xconsole SUID so that it can still > grab the console, right? On Wed, Apr 03, 2002 at 09:35:11AM -0700, Nate Williams wrote: > > > However, it was required for some X applications to work correctly, > > > which is why it was still being used. > >=20 > > No, it's just required for them to work when run by unprivileged > > users. >=20 > Things like xconsole *are* run by unprivileged users. : $ cat /etc/X11/xdm/GiveConsole : #!/bin/sh : # Assign ownership of the console to the invoking user : # $XConsortium: GiveConsole,v 1.2 93/09/28 14:29:20 gildea Exp $ : # : # By convention, both xconsole and xterm -C check that the : # console is owned by the invoking user and is readable before attaching : # the console output. This way a random user can invoke xterm -C without : # causing serious grief. : # : chown $USER /dev/console Cheers, --=20 Ruslan Ermilov Sysadmin and DBA, ru@sunbay.com Sunbay Software AG, ru@FreeBSD.org FreeBSD committer, +380.652.512.251 Simferopol, Ukraine http://www.FreeBSD.org The Power To Serve http://www.oracle.com Enabling The Information Age --OgqxwSJOaUobr8KG Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE8qzn5Ukv4P6juNwoRAqvKAJ933LdEe2wAV5ITKyzOT8FxPEhTYgCfZxv4 lP6eKDPFCoUr8YePNsLSf7M= =s+2o -----END PGP SIGNATURE----- --OgqxwSJOaUobr8KG-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020403172057.GA66530>