On Tue, 2012-07-10 at 00:16 +0200, Samuel Thibault wrote:
> Such kinds of questions are quite frowned upon.

Uhm.. yeah well... but there are already quite a lot of them... and I personally consider them to be quite ok, when the priority is reasonably set...

> What does "use gpm" mean exactly?
> What does the "tty" command return?

Tried 3 different kinds of hosts here now,.. those had either /dev/tty{N} or /dev/console

> Is the content of the consoles exactly the same as what's physically
> displayed on the machine?

Cannot check here now, sorry, access to the building is highly restricted.

> I can "use gpm" in my xterms for instance, but copy/paste is entirely
> done by X11.

Ah? Ok... I never saw the gpm typical pointer in X terminals... and always thought they'd work completely independently..

> Log how? Which tool?

On the nodes that I've tried now runs VMware (yes... sigh)... and there it's some awkward proprietary browser plugin...

> There are a plethora of ways to access a machine
> with very varying effects.

Well and that's the point I tried to emphasise before... one cannot know by which way users use the systems,... but one can be sure that there may be some that run into troubles.

Anyway... Expecting you're right with the syscalls... (too busy now to look into the code :-/ ) I'd agree that the issue cannot be solved in gpm itself.

But as long as a real solution is found (if ever accepted in the kernel)... I'd say that gpm should warn its users of this potential security issue.

I can imagine amongst the following:
- a SECURITY file in /u/s/d/gpm that describes the issue (which should probably be distributed as part of upstream)

specific to Debian:
- a shorter warning in the package description
- and maybe the same as in SECURITY via debconf

I know you probably don't like the latter ;-) ... but I guess it's the best chance to reach most (Debian) users.

Apart from what can be done (now) at a gpm level (i.e. warnings)... how shall we proceed? Popping the issue up at lkml? Anyone with good connections?

If the ioctl is part of the tty subsystem chances are probably rather bad to get things done... last time I read,... the subsystem was still one of the don't-touch-miracles...

Cheers,
Chris.