Hi,
I am looking at the
main (int argc, char **argv)
function in
src/consaver/cons.saver.c
There are calls like
st.st_uid != uid
fstat (console_fd, &st) >= 0 && st.st_uid == uid
fstat (console_fd, &st) < 0 || st.st_uid != uid
The last one is especially strange taking into account that it appears twice
if (seteuid (euid) < 0
|| lseek (vcsa_fd, 0, 0) != 0
|| fstat (console_fd, &st) < 0 || st.st_uid != uid
|| read (vcsa_fd, buffer, buffer_size) != buffer_size
|| fstat (console_fd, &st) < 0 || st.st_uid != uid)
This all is taken from the commit e9fd11bfcd1dab97e3ba423bcfb8b6ca1088b11c
which is the latest at this moment
It looks to me MC tries inventing its own permission scheme rather than
relying on the system set up.
Consider there is a user in the system who is allowed to read/write and to
do whatever they want with vcs, tty and with whatever files else you may
only wish. root is one obvious candidate but nothing restricts us to set up
another user taking advantaged of all those system security facilities.
There is a traditional UNIX permission scheme, SeLinux may be involved if
needed. And now comes MC, and introduces a hardcoded/unconfigurable/solid
as a stone requirement for the current user to be the owner of the files.
Why so?
I believe there is case and that code is called to cover it. But
unfortunately I do not see the reason. And this is my question, I would
appreciate if anybody could explain what security issue was addressed here?
In my particular case this code introduces an inconvenience, so I just
removed it and feel total happy without it. But still am a little bit
concerned about possible consequences which I do now understand at the
moment.
My case I mentioned above is as follows:
Log into, say, tty3 as a normal user, say `echo`. The tty3 ownership
changes, and the `echo` user becomes the owner of tty3 which sounds
reasonable.
Now sudo as another user who has all access permissions to tty and vcs, In
my case this is root.
Press Control+O, MC screws up the background shell, the root user sees the
blank screen rather than previously executed commands and MC starts
thinking the terminal is dumb asking to press any key after executing
commands. And this happens for the root user! MC overwrote the root
privileges! Does it sound reasonable to you?
Any explanations are welcome.
Thank you.
--
Konstantin I.,
_______________________________________________
mc-devel mailing list
https://mail.gnome.org/mailman/listinfo/mc-devel
