On Tue, 9 Dec 1997, Theodore Y. Ts'o wrote:
> The flip side is that the tty hangup isn't a full revoke, and
> there are some (small) security issues if you have a process hanging
> around after the logout.
Out of interest, what are these?
User A dials up to a linux machine, runs a program which opens /dev/tty
and hangs around in the background. User A logs out, and User A's
program catches signals so it doesn't exit. User B logs in, and starts
to do work. User A's program can still execute a few limited tty
ioctl's, including ones which can reconfigure termios settings, such as
the baud rate, line echoeing, etc.
Note that if you want to run a secure dialup system, you'll have used
the locked_termios feature to prevent user programs from modifying the
certain termios configuration fields that users should have no business
modifying (baud rate, RTS/CTS, CLOCAL, etc.) (CLOCAL is the important
one to restrict, really).
However, the leftover program can still cause problems for user B by
diddling the certain termios features.
I suppose the hack that would improve things would be to only allow root
processes to play ioctl games on a hungup file descriptor.
- Ted