Re: A requirement for the current user to own ttys

From: Egmont Koblinger <egmont gmail com>
To: Key Offecka <key offecka gmail com>
Cc: mc devel <mc-devel gnome org>
Subject: Re: A requirement for the current user to own ttys
Date: Sat, 11 Mar 2017 10:37:26 +0100

Hi,

> All you say about vcs* sounds reasonable, unfortunately according to the code, the tty owner is the problem.

What do you mean the tty owner is the _problem_? What kind of problem?

I believe it's not the _problem_, it's the piece of information we rely on to figure out if cons.saver is being run as a legitime user.

> Disregarding of what was the intention, disregarding of what you were trying to achieve and what security hole to close, do you think, that sort of comparison is valid here?

I'm not aware of the details of the code and don't have time to dig into it, sorry.

As far as I understand, your problem is: You expect that if the real user is root, cons.saver should dutifully perform its role rather than bail out due to some ownership mismatch. Am I right? If so, I believe it's a fair request, although possible security implications should be double checked. Could you please file a new bug for this?

Thanks,

egmont

Follow-Ups:
- Re: A requirement for the current user to own ttys
  - From: Key Offecka

References:
- A requirement for the current user to own ttys
  - From: Key Offecka
- Re: A requirement for the current user to own ttys
  - From: Egmont Koblinger
- Re: A requirement for the current user to own ttys
  - From: Key Offecka

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]