On Mon, Oct 13, 2008 at 6:05 PM, Edwin Groothuis <[EMAIL PROTECTED]> wrote:
> On Sun, Oct 12, 2008 at 10:23:53PM -0700, Jeremy Chadwick wrote:
>> > The ioctl call fails (EPERM) because only superuser can use TIOCCONS,
>> > regardless of the ownership of the device. Using xterm with the "-C"
>> > argument works because xterm is installed with the setuid flag bit on.
>> > So the solution is "chmod +us xconsole".
>>
>> Can someone security audit this program before blindly setuid-root'ing
>> it?
>
> Isn't xconsole not just the same values as /var/log/messages ?
>
> So information-leaking-wise it isn't a huge deal. Only the program
> itself is now the unknown.
>
> Edwin
> --
> Edwin Groothuis Website: http://www.mavetju.org/
> [EMAIL PROTECTED] Weblog: http://www.mavetju.org/weblog/

The OpenBSD folks solved the permission issue a long time ago(*) by
means of a privilege separation feature. Take a look at
http://www.openbsd.org/cgi-bin/cvsweb/xenocara/app/xconsole/

I will see if it is possible to update the xconsole port in order to do
the same. Is there any standard privilege separation framework on
FreeBSD?

(*) http://openbsd.monkey.org/tech/200302/msg00064.html

--
cd /usr/ports/sysutils/life
make clean
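
Added example, not part of the original thread and not code from xconsole or OpenBSD: if a console viewer is installed setuid-root as the quoted message suggests, the audit surface shrinks when the TIOCCONS call is made first and root is dropped permanently before any other code runs. This is plain privilege dropping, a simpler relative of the privilege separation mentioned above; all function names are hypothetical.

```c
/* Added illustration; function names are hypothetical, not xconsole's. */
#include <errno.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently return to the invoking user. In a setuid-root process the
 * real uid/gid and supplementary groups already belong to the caller; only
 * the effective and saved ids are elevated. Returns 0 on success, -1 if the
 * process could still be (or become) root. */
int drop_to_invoker(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();

    if (setgid(rgid) != 0)   /* group first, while we may still be root */
        return -1;
    if (setuid(ruid) != 0)   /* as root: resets real, effective and saved uid */
        return -1;
    /* Verify the drop is irreversible for a non-root caller. */
    if (ruid != 0 && (setuid(0) == 0 || geteuid() == 0))
        return -1;
    if (geteuid() != ruid || getegid() != rgid)
        return -1;
    return 0;
}

/* Make the one call that needs root (redirect console output to tty_fd),
 * then drop privileges whether or not it worked. *cons_errno receives 0 or
 * the errno from TIOCCONS. Returns -1 if the drop failed; callers must exit. */
int claim_console_then_drop(int tty_fd, int *cons_errno)
{
    int on = 1;

    *cons_errno = (ioctl(tty_fd, TIOCCONS, &on) == 0) ? 0 : errno;
    return drop_to_invoker();
}

int main(void)
{
    int cons_errno;

    /* fd 0 stands in for the pty slave a real viewer would open. */
    if (claim_console_then_drop(STDIN_FILENO, &cons_errno) != 0)
        return 1;            /* still privileged: refuse to continue */
    printf("TIOCCONS errno=%d, running as uid %d\n", cons_errno, (int)getuid());
    return 0;
}
```

Run without the setuid bit, the ioctl reports EPERM as described in the quoted message and the rest of the program continues unprivileged.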