On Wed, 01 Aug 2007 04:44:32 +0200
Frank Benkstein <[EMAIL PROTECTED]> wrote:
> Frank Benkstein wrote:
> > I wonder why there are different permissions needed for VT_PROCESS
> > (access to the current virtual console) and VT_LOCKSWITCH
> > (CAP_SYS_TTY_CONFIG).
>
> To be more direct:
>
> require CAP_SYS_TTY_CONFIG for VT_SETMODE as its essentially the same as
> VT_LOCKSWITCH and said capability is already required there
>
> diff --git a/drivers/char/vt_ioctl.c b/drivers/char/vt_ioctl.c
> index c6f6f42..7034a68 100644
> --- a/drivers/char/vt_ioctl.c
> +++ b/drivers/char/vt_ioctl.c
> @@ -662,7 +662,7 @@ int vt_ioctl(struct tty_struct *tty, struct file * file,
> {
> struct vt_mode tmp;
>
> - if (!perm)
> + if (!perm || !capable(CAP_SYS_TTY_CONFIG))
> return -EPERM;
> if (copy_from_user(&tmp, up, sizeof(struct vt_mode)))
> return -EFAULT;
>
There's a good risk of breaking stuff with this change. A quick peek
through http://www.google.com/codesearch shows that.
We need good reasons for making that change, and for handling the
subsequent fallout, getting shouted at by aggrieved users, etc.
It's tricky.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
