From owner-freebsd-security  Tue Jun 30 02:37:19 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id CAA13289
          for freebsd-security-outgoing; Tue, 30 Jun 1998 02:37:19 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from hydrogen.nike.efn.org (resnet.uoregon.edu [128.223.144.32])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id CAA13253
          for <freebsd-security@FreeBSD.ORG>; Tue, 30 Jun 1998 02:36:55 -0700 (PDT)
          (envelope-from gurney_j@efn.org)
Received: (from jmg@localhost)
          by hydrogen.nike.efn.org (8.8.8/8.8.7) id CAA28972;
          Tue, 30 Jun 1998 02:36:43 -0700 (PDT)
Message-ID: <19980630023639.02857@hydrogen.nike.efn.org>
Date: Tue, 30 Jun 1998 02:36:39 -0700
From: John-Mark Gurney <gurney_j@efn.org>
To: andrewr <andrewr@slack.net>
Cc: Christoph Kukulies <kuku@gilberto.physik.RWTH-Aachen.DE>,
        freebsd-security@FreeBSD.ORG
Subject: Re: xlock
References: <199806290632.IAA00836@gilberto.physik.RWTH-Aachen.DE> <Pine.NEB.3.96.980629081835.12717A-100000@brooklyn.slack.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.69
In-Reply-To: <Pine.NEB.3.96.980629081835.12717A-100000@brooklyn.slack.net>; from andrewr on Mon, Jun 29, 1998 at 08:27:49AM -0400
Reply-To: John-Mark Gurney <gurney_j@resnet.uoregon.edu>
Organization: Cu Networking
X-Operating-System: FreeBSD 2.2.6-STABLE i386
X-PGP-Fingerprint: B7 EC EF F8 AE ED A7 31  96 7A 22 B3 D8 56 36 F4
X-Files: The truth is out there
X-URL: http://resnet.uoregon.edu/~gurney_j/
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

andrewr scribbled this message on Jun 29:
> Also, I am porting a console locking program (doesn't allow VT switching),
> from linux, but I have been having trouble with the actual stopping of the
> allowing of VT switching.  I have tried setting vtmode to be handled by
> the process, then using an ioctl to execute this.  This failed.  Then, I
> tried using flock(), that failed.  If you have any ideas and would like to
> know what I did before (dealing with flock() and ioctl(), just ask).

I have modifications to lock that does this...  it really isn't hard...
you just simply modify the relsig of vt_mode to a signal, and simply
ignore the signal...  syscons will only switch away when you tell it
that it can...

this is how X restores the video mode for syscons...

> On Mon, 29 Jun 1998, Christoph Kukulies wrote:
> 
> > 
> > Alarmed by recent buffer overflow attacks on Linux machines in
> > my vicinity (an exploit for this is available) I thought about
> > xlock under FreeBSD and would like to know whether the
> > security hole has been sorted out under FreeBSD 2.2.x or what
> > measures are advised to prevent it.

p.s. why do people not spend the 2 seconds it takes to remove sigs??

-- 
  John-Mark Gurney                              Voice: +1 541 683 7109
  Cu Networking					  P.O. Box 5693, 97405

  Live in Peace, destroy Micro$oft, support free software, run FreeBSD
	    Don't trust anyone you don't have the source for

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message