Re: [PATCH][2.1.71] BSD revoke() syscall

Theodore Y. Ts'o (tytso@MIT.EDU)
Wed, 10 Dec 1997 14:39:53 -0500

Date: Wed, 10 Dec 1997 15:32:43 +0000 (GMT)
From: Chris Evans <>

On Tue, 9 Dec 1997, Theodore Y. Ts'o wrote:

> The flip side is that the tty hangup isn't a full revoke, and
> there are some (small) security issues if you have a process hanging
> around after the logout.

Out of interest, what are these?

User A dials up to a linux machine, runs a program which opens /dev/tty
and hangs around in the background. User A logs out, and User A's
program catches signals so it doesn't exit. User B logs in, and starts
to do work. User A's program can still execute a few limited tty
ioctl's, including ones which can reconfigure termios settings, such as
the baud rate, line echoeing, etc.

Note that if you want to run a secure dialup system, you'll have used
the locked_termios feature to prevent user programs from modifying the
certain termios configuration fields that users should have no business
modifying (baud rate, RTS/CTS, CLOCAL, etc.) (CLOCAL is the important
one to restrict, really).

However, the leftover program can still cause problems for user B by
diddling the certain termios features.

I suppose the hack that would improve things would be to only allow root
processes to play ioctl games on a hungup file descriptor.

- Ted