NetBSD Problem Report #45424

From woods@once.weird.com  Tue Oct  4 18:51:59 2011
Return-Path: <woods@once.weird.com>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by www.NetBSD.org (Postfix) with ESMTP id 7482E63B85F
	for <gnats-bugs@gnats.NetBSD.org>; Tue,  4 Oct 2011 18:51:59 +0000 (UTC)
Message-Id: <m1RBA5r-001EBeC@once.weird.com>
Date: Tue, 4 Oct 2011 11:51:55 -0700 (PDT)
From: "Greg A. Woods" <woods@planix.com>
Sender: "Greg A. Woods" <woods@once.weird.com>
Reply-To: "Greg A. Woods" <woods@planix.com>
To: gnats-bugs@gnats.NetBSD.org
Subject: TIOCCONS should not allow ordinary users to redirect consoles which are not tagged CN_INTERNAL
X-Send-Pr-Version: 3.95

>Number:         45424
>Category:       kern
>Synopsis:       TIOCCONS should not allow ordinary users to redirect consoles which are not tagged CN_INTERNAL
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Oct 04 18:55:00 +0000 2011
>Last-Modified:  Sun Aug 26 12:46:36 +0000 2012
>Originator:     Greg A. Woods
>Release:        NetBSD-current 2011/10/04
>Organization:
Planix, Inc.; Kelowna, BC; Canada
>Environment:
System: NetBSD
Architecture: all
Machine: all
>Description:

	The TIOCCONS ioctl() for tty(4) should not allow ordinary users
	to redirect console output if the console is not tagged with the
	CN_INTERNAL flag.

	I.e. ordinary users should only be able to redirect console
	output if the current console is a type of console where such
	redirection by ordinary users makes sense.

	E.g. if a user is using a workstation, say a "secure" kiosk,
	that also happens to have a serial console connected for
	logging, then the kernel should not permit re-direction of the
	"non-internal" serial console.

	Console redirection only makes sense when the user might run a
	windowing system which would otherwise obliterate or hide kernel
	output to the "real" console.  In NetBSD all consoles where this
	is possible are (or should be) tagged with the CN_INTERNAL flag.

>How-To-Repeat:

>Fix:

	(untested, except in netbsd-5)

Index: sys/kern/tty.c
===================================================================
RCS file: /cvs/master/m-NetBSD/main/src/sys/kern/tty.c,v
retrieving revision 1.248
diff -u -r1.248 tty.c
--- sys/kern/tty.c	24 Sep 2011 00:05:38 -0000	1.248
+++ sys/kern/tty.c	4 Oct 2011 18:07:45 -0000
@@ -1017,6 +1017,11 @@
 			    (TS_CARR_ON | TS_ISOPEN))
 				return EBUSY;

+			/* ordinary users can only redirect internal consoles */
+			if (((error = kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER, NULL)) != 0) &&
+			    cn_tab->cn_pri != CN_INTERNAL)
+ 				return (error);
+
 			pb = pathbuf_create("/dev/console");
 			if (pb == NULL) {
 				return ENOMEM;

>Release-Note:

>Audit-Trail:

>Unformatted:

NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.