public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed
From: Andries Brouwer <Andries.Brouwer@cwi.nl>
To: Bodo Eggert <7eggert@gmx.de>
Cc: Andries Brouwer <Andries.Brouwer@cwi.nl>,
	linux-kernel@vger.kernel.org, akpm@osdl.org, horms@verge.net.au
Subject: Re: security / kbd
Date: Sat, 3 Dec 2005 19:11:40 +0100	[thread overview]
Message-ID: <20051203181140.GA25534@apps.cwi.nl> (raw)
In-Reply-To: <Pine.LNX.4.58.0512031650450.2051@be1.lrz>

On Sat, Dec 03, 2005 at 06:19:47PM +0100, Bodo Eggert wrote:

> > But there are many ways of using such a file descriptor.
> > This patch cripples the keymap changing but does not solve anything.
> 
> Obviously it solves only a part. OTOH you can't keep an exploit open just 
> because there is another exploit.
> Like I said, use chmod u+s loadkeys.

Hmm. There is an obscure security problem. It was fixed in a bad way -
people want to say unicode_start and unicode_stop and find that that
fails today. Ach.

You argue "you can't keep an exploit open" - but as far as I can see
there is no problem that needs solving in kernel space.
For example - today login does a single vhangup() for the login tty.
In case that is a VC it could do a vhangup() for all VCs.
That looks like a better solution.

And "chmod u+s loadkeys" - you can't be serious..

  reply	other threads:[~2005-12-03 18:11 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <5f6Fp-1ZB-11@gated-at.bofh.it>
2005-12-03  0:21 ` security / kbd Bodo Eggert
2005-12-03  1:34   ` Andries Brouwer
2005-12-03  2:11     ` Bodo Eggert
2005-12-03  2:39       ` Andries Brouwer
2005-12-03  5:33         ` Bodo Eggert
2005-12-03 14:46           ` Andries Brouwer
2005-12-03 17:19             ` Bodo Eggert
2005-12-03 18:11               ` Andries Brouwer [this message]
2005-12-03 18:48                 ` Bodo Eggert
2005-12-03 21:43                   ` Andries Brouwer
2005-12-02  0:08 Andries Brouwer

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20051203181140.GA25534@apps.cwi.nl \
    --to=andries.brouwer@cwi.nl \
    --cc=7eggert@gmx.de \
    --cc=akpm@osdl.org \
    --cc=horms@verge.net.au \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox