On Wed, 01 Aug 2007 04:44:32 +0200 Frank Benkstein <[EMAIL PROTECTED]> wrote:
> Frank Benkstein wrote: > > I wonder why there are different permissions needed for VT_PROCESS > > (access to the current virtual console) and VT_LOCKSWITCH > > (CAP_SYS_TTY_CONFIG). > > To be more direct: > > require CAP_SYS_TTY_CONFIG for VT_SETMODE as its essentially the same as > VT_LOCKSWITCH and said capability is already required there > > diff --git a/drivers/char/vt_ioctl.c b/drivers/char/vt_ioctl.c > index c6f6f42..7034a68 100644 > --- a/drivers/char/vt_ioctl.c > +++ b/drivers/char/vt_ioctl.c > @@ -662,7 +662,7 @@ int vt_ioctl(struct tty_struct *tty, struct file * file, > { > struct vt_mode tmp; > > - if (!perm) > + if (!perm || !capable(CAP_SYS_TTY_CONFIG)) > return -EPERM; > if (copy_from_user(&tmp, up, sizeof(struct vt_mode))) > return -EFAULT; > There's a good risk of breaking stuff with this change. A quick peek through http://www.google.com/codesearch shows that. We need good reasons for making that change, and for handling the subsequent fallout, getting shouted at by aggrieved users, etc. It's tricky. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/