[1623] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: tty chowning

daemon@ATHENA.MIT.EDU (Theodore Y. Ts'o)
Sat Sep 27 02:16:34 1997

Date: Fri, 26 Sep 1997 15:01:18 -0400
From: "Theodore Y. Ts'o" <tytso@MIT.EDU>
To: David Holland <dholland@eecs.harvard.edu>
Cc: linux-security@redhat.com, linux-kernel@vger.rutgers.edu
In-Reply-To: David Holland's message of Fri, 26 Sep 1997 07:26:09 -0400 (EDT),
	<199709261126.HAA25602@burgundy.eecs.harvard.edu>
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com

   From: David Holland <dholland@eecs.harvard.edu>
   Date: 	Fri, 26 Sep 1997 07:26:09 -0400 (EDT)

   Why not build chowning into this process? On TIOCSCTTY, the tty would
   chown itself to the effective uid of the current process and chmod
   itself to 620. Then, on close, the tty would chown itself back to
   root and chmod itself to 666.

It's a not a bad idea, but it's not clear it meets your goal of not
requiring any changes of any binaries.  The problem is that in many
cases, the TIOCSCTTY happens before the effective uid is set.  For
example, in the getty/login case, the controlling tty is established
even before we know who is going to be logging in.

						- Ted

--
----------------------------------------------------------------------
Please refere to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------

To unsubscribe: mail -s unsubscribe test-list-request@redhat.com < /dev/null


home help back first fref pref prev next nref lref last post