[1623] in linux-security and linux-alert archive
[linux-security] Re: tty chowning
daemon@ATHENA.MIT.EDU (Theodore Y. Ts'o)
Sat Sep 27 02:16:34 1997
Date: Fri, 26 Sep 1997 15:01:18 -0400
From: "Theodore Y. Ts'o" <tytso@MIT.EDU>
To: David Holland <dholland@eecs.harvard.edu>
Cc: linux-security@redhat.com, linux-kernel@vger.rutgers.edu
In-Reply-To: David Holland's message of Fri, 26 Sep 1997 07:26:09 -0400 (EDT),
<199709261126.HAA25602@burgundy.eecs.harvard.edu>
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com
From: David Holland <dholland@eecs.harvard.edu>
Date: Fri, 26 Sep 1997 07:26:09 -0400 (EDT)
Why not build chowning into this process? On TIOCSCTTY, the tty would
chown itself to the effective uid of the current process and chmod
itself to 620. Then, on close, the tty would chown itself back to
root and chmod itself to 666.
It's a not a bad idea, but it's not clear it meets your goal of not
requiring any changes of any binaries. The problem is that in many
cases, the TIOCSCTTY happens before the effective uid is set. For
example, in the getty/login case, the controlling tty is established
even before we know who is going to be logging in.
- Ted
--
----------------------------------------------------------------------
Please refere to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe: mail -s unsubscribe test-list-request@redhat.com < /dev/null