On Wed, 25 Aug 1999, Michael K. Johnson wrote:
> To change this behaviour in the way Michal wants would require that
> all console-switching activity be controlled only by root. This would
> have a detrimental effect on security, because it would increase the
> number of setuid applications on the system. So this is not a kernel
> bug, and since the behaviour Michal wants would have to be enforced in
> the kernel and vlock is not capable of changing it, it is not a vlock
> bug either.
I did not agree it is not a bug, because it allows breaking security
scheme offered by vlock. But, for sure, I agree it's not a kernel bug, and
not a vlock bug neither... Noone owns this vulnerability, but it is a
vulnerability, as one of security mechanisms can be bypassed somehow :)
_______________________________________________________________________
Michal Zalewski [[EMAIL PROTECTED]] [link / marchew] [dione.ids.pl SYSADM]
[Marchew Industries] ! [http://lcamtuf.na.export.pl] bash$ :(){ :|:&};:
[voice phone: +48 (0) 22 813 25 86] ? [cellular phone: (0) 501 4000 69]
Iterowac jest rzecza ludzka, wykonywac rekursywnie - boska [P. Deutsch]
