NetBSD Problem Report #21026
Received: (qmail 21340 invoked by uid 605); 5 Apr 2003 12:37:38 -0000
Message-Id: <20030405120734.E26461132C@narn.netbsd.org>
Date: Sat, 5 Apr 2003 04:07:34 -0800 (PST)
From: kavron@xs4all.nl
Sender: gnats-bugs-owner@netbsd.org
Reply-To: kavron@xs4all.nl
To: gnats-bugs@gnats.netbsd.org
Subject: XFree86 on execution before getting the X windows system shows output from console user
X-Send-Pr-Version: www-1.0
>Number: 21026
>Category: xsrc
>Synopsis: XFree86 on execution before getting the X windows system shows output from console user
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: xsrc-manager
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Apr 05 12:38:00 +0000 2003
>Closed-Date: Sat Apr 05 12:42:22 +0000 2003
>Last-Modified: Sat Apr 05 12:42:22 +0000 2003
>Originator: Jorge
>Release: NetBSD 1.6Q
>Organization:
>Environment:
NetBSD ws1 1.6Q NetBSD 1.6Q (VVZ) #15: Fri Apr 4 21:49:37 CEST 2003 kavron@ws1:/usr/src/sys/arch/i386/compile/VVZ i386
>Description:
Default binary snapshot (1.6P) installation as well an upgrade to 1.6Q,after starting the X Window (startx) it's lagging two - three seconds
before you get in front tty5 with the X Window on your screen. In those two - three seconds you see output from tty1 (console by default), I don't
know if it can be considered insecure, but don't think it's a clean design. Supposing as user you executed X from tty2 and root is on tty1 you
see output from root as well if you're quick enough you can run commands from tty1 while X is still starting.
I don't know as I said if it's important, because if you can start X local
from your pc you also can see tty1 with alt + F1. But don't think it's clean the design.
>How-To-Repeat:
login as a user, example root on tty1 (console)... as another user on tty2
and run X from tty2, you'll see output from user root and can input anything while lagging to start X.
>Fix:
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed
State-Changed-By: tron
State-Changed-When: Sat Apr 5 04:41:41 PST 2003
State-Changed-Why:
There is no security problem here. An user using the console could switch
to the virtual console with the root shell on it anyway. I can't remember
right now why it is necessary to switch to tty1 but there is a technial
reason for it.
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.