Bug 10769 - pam_console does not revoke access to devices on logout
pam_console does not revoke access to devices on logout
Status: CLOSED CURRENTRELEASE
Product: Red Hat Linux
Classification: Retired
Component: kernel (Show other bugs)
6.2
All Linux
medium Severity medium
: ---
: ---
Assigned To: Arjan van de Ven
Brian Brock
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2000-04-12 18:24 EDT by lav
Modified: 2008-08-01 12:22 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-09-30 11:38:47 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description lav 2000-04-12 18:24:49 EDT
when a user logs on console, he's given with access to some devices,
like dsp, vcs* or cdrom. If he leaves processes which has opened these
devices and logs out, the processes still have access to the opened
devices. This can be misused by malicious users. Example:
   (while :;do echo -n X;sleep 1;done)>/dev/vcs1& logout

Proper solution may require modifications to linux kernel, something like
vhangup for any device: stopio from sco unix or revoke.
Comment 1 Cristian Gafton 2000-05-22 11:37:59 EDT
assigned to nalin
Comment 2 Alan Cox 2002-12-14 17:39:47 EST
While this bug seemed irrelevant the non tty case has at least one interesting
abuse we should look at resolving. Moved to kernel where we need to do some of
the work.
Comment 4 Bugzilla owner 2004-09-30 11:38:47 EDT
Thanks for the bug report. However, Red Hat no longer maintains this version of
the product. Please upgrade to the latest version and open a new bug if the problem
persists.

The Fedora Legacy project (http://fedoralegacy.org/) maintains some older releases, 
and if you believe this bug is interesting to them, please report the problem in
the bug tracker at: http://bugzilla.fedora.us/

Note You need to log in before you can comment on or make changes to this bug.