Re: A requirement for the current user to own ttys


> All you say about vcs* sounds reasonable, unfortunately according to the code, the tty owner is the problem.

What do you mean the tty owner is the _problem_? What kind of problem?

I believe it's not the _problem_, it's the piece of information we rely on to figure out if cons.saver is being run as a legitime user.

> Disregarding of what was the intention,  disregarding of what you were trying to achieve and what security hole to close, do you think, that sort of comparison is valid here?

I'm not aware of the details of the code and don't have time to dig into it, sorry.

As far as I understand, your problem is: You expect that if the real user is root, cons.saver should dutifully perform its role rather than bail out due to some ownership mismatch. Am I right? If so, I believe it's a fair request, although possible security implications should be double checked. Could you please file a new bug for this?


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]