kern/45424: TIOCCONS should not allow ordinary users to redirect consoles which are not tagged CN_INTERNAL

To: kern-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: kern/45424: TIOCCONS should not allow ordinary users to redirect consoles which are not tagged CN_INTERNAL
From: "Greg A. Woods" <woods%planix.com@localhost>
Date: Tue, 4 Oct 2011 18:55:00 +0000 (UTC)

>Number:         45424
>Category:       kern
>Synopsis:       TIOCCONS should not allow ordinary users to redirect consoles 
>which are not tagged CN_INTERNAL
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Oct 04 18:55:00 +0000 2011
>Originator:     Greg A. Woods
>Release:        NetBSD-current 2011/10/04
>Organization:
Planix, Inc.; Kelowna, BC; Canada
>Environment:
System: NetBSD
Architecture: all
Machine: all
>Description:

        The TIOCCONS ioctl() for tty(4) should not allow ordinary users
        to redirect console output if the console is not tagged with the
        CN_INTERNAL flag.

        I.e. ordinary users should only be able to redirect console
        output if the current console is a type of console where such
        redirection by ordinary users makes sense.

        E.g. if a user is using a workstation, say a "secure" kiosk,
        that also happens to have a serial console connected for
        logging, then the kernel should not permit re-direction of the
        "non-internal" serial console.

        Console redirection only makes sense when the user might run a
        windowing system which would otherwise obliterate or hide kernel
        output to the "real" console.  In NetBSD all consoles where this
        is possible are (or should be) tagged with the CN_INTERNAL flag.

>How-To-Repeat:
        
>Fix:

        (untested, except in netbsd-5)

Index: sys/kern/tty.c
===================================================================
RCS file: /cvs/master/m-NetBSD/main/src/sys/kern/tty.c,v
retrieving revision 1.248
diff -u -r1.248 tty.c
--- sys/kern/tty.c      24 Sep 2011 00:05:38 -0000      1.248
+++ sys/kern/tty.c      4 Oct 2011 18:07:45 -0000
@@ -1017,6 +1017,11 @@
                            (TS_CARR_ON | TS_ISOPEN))
                                return EBUSY;
 
+                       /* ordinary users can only redirect internal consoles */
+                       if (((error = kauth_authorize_generic(l->l_cred, 
KAUTH_GENERIC_ISSUSER, NULL)) != 0) &&
+                           cn_tab->cn_pri != CN_INTERNAL)
+                               return (error);
+
                        pb = pathbuf_create("/dev/console");
                        if (pb == NULL) {
                                return ENOMEM;

Prev by Date: kern/45423: the actual error from pipe_create() should be used instead of being rewritten
Next by Date: kern/45425: how to restore traditional unix behaviour for slashes on the end of pathnames
Previous by Thread: kern/45423: the actual error from pipe_create() should be used instead of being rewritten
Next by Thread: kern/45425: how to restore traditional unix behaviour for slashes on the end of pathnames
Indexes:

Home | Main Index | Thread Index | Old Index