From owner-freebsd-bugs Thu Jan 11 7:10:19 2001
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id BB6E637B401
	for ; Thu, 11 Jan 2001 07:10:01 -0800 (PST)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.11.1/8.11.1) id f0BFA1d48985;
	Thu, 11 Jan 2001 07:10:01 -0800 (PST)
	(envelope-from gnats)
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id A41B837B400
	for ; Thu, 11 Jan 2001 07:02:24 -0800 (PST)
Received: (from nobody@localhost)
	by freefall.freebsd.org (8.11.1/8.11.1) id f0BF2Oa46027;
	Thu, 11 Jan 2001 07:02:24 -0800 (PST)
	(envelope-from nobody)
Message-Id: <200101111502.f0BF2Oa46027@freefall.freebsd.org>
Date: Thu, 11 Jan 2001 07:02:24 -0800 (PST)
From: arc_of_avalon@yahoo.com
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-1.0
Subject: misc/24254: Security hole in use of kbdcontrol
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 24254
>Category: misc
>Synopsis: Security hole in use of kbdcontrol
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Jan 11 07:10:01 PST 2001
>Closed-Date:
>Last-Modified:
>Originator: Arc
>Release: 4.2-Stable
>Organization:
>Environment:
FreeBSD selket.aww 4.2-STABLE FreeBSD 4.2-STABLE #5: Fri Dec 29 01:23:03 GMT 2000 root@selket.aww:/usr/src/sys/compile/SELKET i386
>Description:
By default kbdcontrol is world executable and allows any local user to
change the keyboards of all the vty's, including any that root is logged
in to. This could allow a user to virtually disable the console (non-X11)
which, when used to activate an unusable keymap, would require a reboot
to correct. Note that kbdcontrol does not affect the keymap in X11.
This bug seems to exist in all BSDs.
>How-To-Repeat:
As non-root, type kbdcontrol -l us.dvorak (or any non-qwerty keyboard,
including one edited by the user in his home directory with all the keys
set to "?" or similar). This will change the keyboard on all vty's and,
if X11 is not running, would make it hard if not impossible (as would be
the case with a keyboard full of ?'s) to change back.
>Fix:
This could be fixed by changing the permissions on kbdcontrol or only
allowing root to change the keymap on all vty's (non-root only being able
to change their own vty, which resets on logout).
>Release-Note:
>Audit-Trail:
>Unformatted: