kbdcontrol -l affects all vty's, not just the current one

Chris Pressey cpressey at catseye.mine.nu
Sun Jun 20 17:39:54 PDT 2004


While testing Tim Wickberg's kbdmap submission I found an interesting
bug in syscons.  Keyboard mappings are global to syscons rather than
per-vty.  I've tried it on FreeBSD 4.9 and it has the same behaviour, so
it's something we've inherited.  To reproduce it, try this:

- login in one vty as an unprivledged user
- kbdcontrol -l a_different_keymap_file_from_what_you_usually_use
- switch to another vty
- login as root
- type something.

It's not so much a serious security hole as it's just offensive to UNIX
sensibilities of how an unprivledged user is not supposed to be able to
change the properties of something they don't own :-/

(Simon 'corecode' Schubert pointed out that, even if the kbdmap was
per-vty, nothing would stop an unprivledged user from loading a keyboard
map of all NUL's, which would disable further logins and/or switching to
another vty.  So I'm not really sure what can be done about it...)

-Chris





More information about the Bugs mailing list