[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Patch] virtual consoles switching disabling



Actually any user running X that can run xmodmap can disable console
switching on a key by key basis since the X is responsible for vt switching
once it's running...

Try...

xmodmap -pk | grep XF86_Switch_VT

this will return all the keycodes that are bound to the vt switches.

Lets say key 68 is returned for XF86_Switch_VT, it will look something like
this...

68	0xffbf	(F2)		0x1008fe02	(XF86_Switch_VT_2)

If you then..

xmodmap -e 'keycode 68=F2'

This will switch the vt switch off for that vt (from X, you will still be
able to switch to another text console and then switch back to vt2
(ttyC01)).

The point is you can disable them all and re-enable them if you like from a
normal user already..

xmodmap -e 'keycode 68=F2 XF86_Switch_VT_2'

But we don't claim that giving anyone access to the console is secure anyway
so I don't see a problem with this :)

- Andy 
----Original Message-----
From: owner-tech_(_at_)_openbsd_(_dot_)_org [mailto:owner-tech_(_at_)_openbsd_(_dot_)_org] On Behalf Of
Hannah Schroeter
Sent: 15 February 2006 15:22
To: tech_(_at_)_openbsd_(_dot_)_org
Subject: Re: [Patch] virtual consoles switching disabling

Hello!

On Wed, Feb 15, 2006 at 03:17:09PM -0000, Andrew Smith wrote:
>It depends on your target for the IOCTL usage.

>If you want to lock screens on screensaver so that the vt can't be changed
>then you need to probably support an IOCTL since it is probable that the
>screensaver will run with insufficient privilege to sysctl.

>I know xscreensaver is setuid root normally but it does drop its privilege.

I don't think that's a problem. Non-root shouldn't be able to disable
console switching anyway (can you pronounce "DoS"?).

Frankly I see not much sense in this whole thing at all. Root can
disable logins, and besides that, why shouldn't authorized users be able
to login?

>[...]

Kind regards,

Hannah.