This has already been on bugtrack #1176, but here it goes again: the login program incorrectly? chowns /dev/vcs?? to the console user, and if the user opens the device and keeps it open, he/she can keep on reading from it and read others' screens...

From the linux kernel mailing list I found that the problem exists because linux doesn't have a revoke syscall that would close open file descriptors.

This problem might be quite severe if linux machines are used in a lab environment where the computers are shared.

Anyway... I created a small patch. This is only a temporary solution!

-Jarno

PS. This patch will break console programs that expect to read from /dev/vcs?? (screendump?) Also maybe it should chgrp the devices to tty

--- util-linux-2.10f/login-utils/login.c~ Sat Oct 30 03:06:01 1999 +++ util-linux-2.10f/login-utils/login.c Wed Jul 12 12:01:25 2000 @@ -964,10 +964,16 @@ /* if tty is one of the VC's then change owner and mode of the special /dev/vcs devices as well */ if (consoletty(0)) { + /* chown(vcsn, pwd->pw_uid, (gr ? gr->gr_gid : pwd->pw_gid)); chown(vcsan, pwd->pw_uid, (gr ? gr->gr_gid : pwd->pw_gid)); chmod(vcsn, TTY_MODE); chmod(vcsan, TTY_MODE); + */ + chown( vcsn, (uid_t)0, (gid_t)0 ); + chown( vcsan, (uid_t)0, (gid_t)0 ); + chmod(vcsn, (mode_t)0600); + chmod(vcsan, (mode_t)0600); } setgid(pwd->pw_gid);
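Review bot: the comment kept as context at the top of the hunk ("change owner and mode of the special /dev/vcs devices as well") now says the opposite of what the code does, and the four old chown/chmod calls are left behind inside a "/* ... */" block rather than deleted; remove the dead calls and reword the comment to say the vcs devices are forced to root:root, mode 0600, on every login. The return values of the new chown()/chmod() calls are ignored, as before, so if either fails the device silently keeps its previous owner and mode; at least log the failure. As the cover note admits, nothing here touches a descriptor that was opened before this login runs; the hunk only narrows who can open the device afterwards. Minor style point: the added "chown( vcsn, (uid_t)0, (gid_t)0 );" spacing differs from the "chmod(vcsn, (mode_t)0600);" lines right below it and from the surrounding file.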
While linux has no way to revoke access to the files, it should be possible to just kill -9 the offending processes, i.e. any programs with these files open. Could this be a solution?
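The two points above (an already-open descriptor survives the chown/chmod done at the next login because there is no revoke, and the only remedy short of that is to find and kill the processes holding the device open) as an added, runnable example; this is not code from the original posts or from util-linux. It assumes a Linux system with /proc mounted and a writable /tmp. A temporary file with constructed "screen contents" stands in for /dev/vcsN, and chmod 0 stands in for login's chown root:root / chmod 0600, so it runs without privileges; the /proc walk is the same thing fuser(1) does and only sees processes whose fd directory the caller may read.

```c
#define _GNU_SOURCE
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Constructed sample "screen contents"; a temp file stands in for /dev/vcsN. */
static const char SAMPLE[] = "screen contents of user A\n";
#define SAMPLE_LEN ((int)(sizeof SAMPLE - 1))

/* Create the stand-in device file; returns a malloc'd absolute path or NULL. */
char *make_sample(void)
{
    char tmpl[] = "/tmp/vcs-demo-XXXXXX";
    int fd = mkstemp(tmpl);
    if (fd < 0) return NULL;
    ssize_t w = write(fd, SAMPLE, SAMPLE_LEN);
    close(fd);
    if (w != SAMPLE_LEN) { unlink(tmpl); return NULL; }
    return realpath(tmpl, NULL);   /* /proc fd links are absolute, so canonicalise */
}

/* Open path (user A's session), then lock it down the way the patch does at
 * the next login (chmod 0 here instead of chown root:root 0600). Permissions
 * are checked by open(2) only, so the descriptor opened earlier keeps working.
 * Returns the bytes still readable through it, or -1 on error. */
int bytes_readable_after_lockout(const char *path)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    if (chmod(path, 0) < 0) { close(fd); return -1; }
    char buf[256];
    ssize_t n = read(fd, buf, sizeof buf);
    close(fd);
    return n < 0 ? -1 : (int)n;
}

/* What the lockout actually prevents is a *fresh* open. Returns 1 if refused
 * with EACCES, 0 if it succeeds, -1 otherwise. Root ignores mode bits, so the
 * result is only meaningful when geteuid() != 0. */
int fresh_open_refused(const char *path)
{
    int fd = open(path, O_RDONLY);
    if (fd >= 0) { close(fd); return 0; }
    return errno == EACCES ? 1 : -1;
}

/* Walk /proc/<pid>/fd and collect pids that still hold path open: these are
 * the processes the reply proposes to kill -9. Writes up to max pids into
 * out; returns the count, or -1 if /proc cannot be read. */
int holders_of(const char *path, pid_t *out, int max)
{
    DIR *proc = opendir("/proc");
    if (!proc) return -1;
    int count = 0;
    struct dirent *pe;
    while ((pe = readdir(proc)) != NULL && count < max) {
        char *end;
        long pid = strtol(pe->d_name, &end, 10);
        if (*end != '\0' || pid <= 0) continue;   /* "self", "sys", ... are not pids */
        char fddir[64];
        snprintf(fddir, sizeof fddir, "/proc/%ld/fd", pid);
        DIR *fds = opendir(fddir);
        if (!fds) continue;                        /* EACCES for other users' processes */
        struct dirent *fe;
        int hit = 0;
        while (!hit && (fe = readdir(fds)) != NULL) {
            if (fe->d_name[0] == '.') continue;
            char link[PATH_MAX], target[PATH_MAX];
            snprintf(link, sizeof link, "%s/%s", fddir, fe->d_name);
            ssize_t n = readlink(link, target, sizeof target - 1);
            if (n < 0) continue;
            target[n] = '\0';
            if (strcmp(target, path) == 0) hit = 1;
        }
        closedir(fds);
        if (hit) out[count++] = (pid_t)pid;
    }
    closedir(proc);
    return count;
}

/* Hold path open in this process and check that holders_of() reports us.
 * Returns 1 if found, 0 if not, -1 on error. */
int self_seen_as_holder(const char *path)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    pid_t pids[256];
    int n = holders_of(path, pids, 256), found = 0;
    for (int i = 0; i < n; i++)
        if (pids[i] == getpid()) found = 1;
    close(fd);
    return found;
}

/* The whole scenario in order; returns 0 if every step behaved as described,
 * otherwise the number of the step that failed. The /proc step is skipped
 * where /proc/self/fd is unreadable. */
int run_scenario(void)
{
    char *p = make_sample();
    if (!p) return 1;
    int rc = 0;
    if (access("/proc/self/fd", R_OK) == 0 && self_seen_as_holder(p) != 1) rc = 2;
    else if (bytes_readable_after_lockout(p) != SAMPLE_LEN) rc = 3;  /* old fd still reads */
    else if (geteuid() != 0 && fresh_open_refused(p) != 1) rc = 4;   /* new open is blocked */
    unlink(p);
    free(p);
    return rc;
}

int main(void)
{
    int rc = run_scenario();
    if (rc == 0) puts("already-open fd survived the lockout; holder found via /proc");
    else printf("step %d failed\n", rc);
    return rc;
}
```

The order in run_scenario matters: the holder lookup runs before the lockout because, once the mode is 0, an unprivileged fresh open in self_seen_as_holder would fail, which is exactly the point. To apply this to the real devices, run holders_of() on /dev/vcsN as root (so every process's fd directory is readable) and signal the pids it returns; nothing short of that closes a descriptor the previous user left open.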
Fixed in util-linux-2.11a-2 in rawhide