On Tue, May 05, 2009 at 11:31:45AM -0500, Nicolas Williams wrote: > Now, one possibility is that pconsole ought not need any privilege at > all -- that strioctl()/secpolicy_sti() should allow this ioctl when the > caller a) owns the pty and b) has PRIV_PROC_SESSION. After all, the > caller could just debug the terminal process to insert the desired > characters into the pty master...
Incidentally, if strioctl()/secpolicy_sti() were changed as suggested then pconsole wouldn't need any changes since it ignores the results of seteuid(2), and wouldn't need any non-basic privs. Nico --