Red Hat Bugzilla – Bug 10769
pam_console does not revoke access to devices on logout
Last modified: 2008-08-01 12:22:51 EDT
when a user logs on console, he's given with access to some devices, like dsp, vcs* or cdrom. If he leaves processes which has opened these devices and logs out, the processes still have access to the opened devices. This can be misused by malicious users. Example: (while :;do echo -n X;sleep 1;done)>/dev/vcs1& logout Proper solution may require modifications to linux kernel, something like vhangup for any device: stopio from sco unix or revoke.
assigned to nalin
While this bug seemed irrelevant the non tty case has at least one interesting abuse we should look at resolving. Moved to kernel where we need to do some of the work.
Thanks for the bug report. However, Red Hat no longer maintains this version of the product. Please upgrade to the latest version and open a new bug if the problem persists. The Fedora Legacy project (http://fedoralegacy.org/) maintains some older releases, and if you believe this bug is interesting to them, please report the problem in the bug tracker at: http://bugzilla.fedora.us/