On Tue, May 05, 2009 at 11:07:46AM -0500, Norm Jacobs wrote:
> Nicolas Williams wrote:
> >On Mon, May 04, 2009 at 12:34:29PM -0500, Norm Jacobs wrote:
> >  
> >>James Carlson wrote:
> >>    
> >>>Norm Jacobs writes:
> >>> 
> >>>      
> >>>>TIOCSTI appears to require elevated privilege.  streamio.c appears to 
> >>>>do the auth checking in the kernel using secpolicy_sti(), which equates 
> >>>>   
> >>>>        
> >>>If you issue it on the controlling tty for this process and you have
> >>>at least read access, then you won't need extra privileges.  But, yes,
> >>>if you want to do it on someone else's tty, then you'll need all
> >>>privileges, as it's an escalation threat.
> >>> 
> >>>      
> >>It appears to want to use other's ttys.
> >>    
> >
> >Er, why?
> >  
> Because that's what it does. It connects to a bunch of ttys, allows you 
> to type in its "shell", and stuffs a copy of what you type out to all 
> of the ttys it's connected to. It monitors each "connection" through 
> individual xterms. Near as I can tell, it's for people that are too lazy 
> to cut/paste. :-)

Yes, but as has been pointed out, it could just master those ptys.
Sounds like pconsole's architecture is broken, not necessarily fatally
so since you can manage the privilege issue, but I now think of pconsole
as toxic.  Here's a question: can you cause pconsole to accidentally
clobber some other user's pty?

Nico
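The "master those ptys" alternative mentioned in the message above, sketched as an added example that is not part of the original thread or of pconsole's code: the tool allocates its own pty pairs and writes to the master sides, so it never issues TIOCSTI on a tty it does not own and needs no extra privilege. The function names and the three-session setup are assumptions for illustration; in a real tool each slave would be handed to a child process (a shell or remote login) instead of being read directly.

```python
import os


def open_sessions(count):
    """Allocate `count` new pty pairs; returns a list of (master_fd, slave_fd)."""
    # Each pair is created by this process, so the fan-out below can only
    # ever reach terminals the tool allocated itself.
    return [os.openpty() for _ in range(count)]


def slave_names(sessions):
    """Device paths of the slave sides, for logging or display."""
    return [os.ttyname(slave_fd) for _, slave_fd in sessions]


def broadcast(sessions, data):
    """Write the same bytes to every master fd.

    Bytes written to a master arrive on the matching slave as terminal
    input, which is the effect pconsole gets from TIOCSTI.
    """
    for master_fd, _ in sessions:
        os.write(master_fd, data)


def read_input(slave_fd):
    """Stand-in for the child process: read one line of input from the slave."""
    return os.read(slave_fd, 1024)


def close_sessions(sessions):
    for master_fd, slave_fd in sessions:
        os.close(master_fd)
        os.close(slave_fd)


def demo():
    """Fan one constructed command line out to three sessions."""
    sessions = open_sessions(3)
    try:
        names = slave_names(sessions)
        broadcast(sessions, b"uname -a\n")
        received = [read_input(slave_fd) for _, slave_fd in sessions]
        return names, received
    finally:
        close_sessions(sessions)


if __name__ == "__main__":
    for name, line in zip(*demo()):
        print(name, line)
```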