From owner-freebsd-bugs Thu Jan 11 7:40:21 2001 Delivered-To: freebsd-bugs@hub.freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 3C30837B400 for ; Thu, 11 Jan 2001 07:40:04 -0800 (PST) Received: (from gnats@localhost) by freefall.freebsd.org (8.11.1/8.11.1) id f0BFe4M52048; Thu, 11 Jan 2001 07:40:04 -0800 (PST) (envelope-from gnats) Date: Thu, 11 Jan 2001 07:40:04 -0800 (PST) Message-Id: <200101111540.f0BFe4M52048@freefall.freebsd.org> To: freebsd-bugs@FreeBSD.org Cc: From: David Malone Subject: Re: misc/24254: Security hole in use of kbdcontrol Reply-To: David Malone Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org The following reply was made to PR misc/24254; it has been noted by GNATS. From: David Malone To: arc_of_avalon@yahoo.com Cc: freebsd-gnats-submit@FreeBSD.org Subject: Re: misc/24254: Security hole in use of kbdcontrol Date: Thu, 11 Jan 2001 15:37:09 +0000 On Thu, Jan 11, 2001 at 07:02:24AM -0800, arc_of_avalon@yahoo.com wrote: > By default kbdcontrol is world executable and allows any local > user to change the keyboards of all the vty's, including any that > root is logged in to. This could allow a user to virtually disable > the console (non-X11) which, when used to activate an unusable > keymap, would require a reboot to correct. Note that kbdcontrol > does not affect the keymap in X11. A kernel option KBD_DISABLE_KEYMAP_LOAD currently exists, which stops people changing the keymap. I guess it would be possible to add a sysctl which stops people other than root changing the keymap setup. David. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message