From: Andries Brouwer <Andries.Brouwer@cwi.nl>
To: Bodo Eggert <7eggert@gmx.de>
Cc: Andries Brouwer <Andries.Brouwer@cwi.nl>,
	linux-kernel@vger.kernel.org, akpm@osdl.org, horms@verge.net.au
Subject: Re: security / kbd
Date: Sat, 3 Dec 2005 19:11:40 +0100
Message-ID: <20051203181140.GA25534@apps.cwi.nl>
In-Reply-To: <Pine.LNX.4.58.0512031650450.2051@be1.lrz>

On Sat, Dec 03, 2005 at 06:19:47PM +0100, Bodo Eggert wrote:

> > But there are many ways of using such a file descriptor.
> > This patch cripples the keymap changing but does not solve anything.
> 
> Obviously it solves only a part. OTOH you can't keep an exploit open just 
> because there is another exploit.
> Like I said, use chmod u+s loadkeys.

Hmm. There is an obscure security problem. It was fixed in a bad way -
people want to say unicode_start and unicode_stop and find that that
fails today. Ach.

You argue "you can't keep an exploit open" - but as far as I can see
there is no problem that needs solving in kernel space.
For example - today login does a single vhangup() for the login tty.
In case that is a VC it could do a vhangup() for all VCs.
That looks like a better solution.

And "chmod u+s loadkeys" - you can't be serious..
