[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Patch] virtual consoles switching disabling
- To: "'Hannah Schroeter'" <hannah_(_at_)_schlund_(_dot_)_de>
- Subject: Re: [Patch] virtual consoles switching disabling
- From: "Andrew Smith" <asmith_(_at_)_tranquility_(_dot_)_fsbusiness_(_dot_)_co_(_dot_)_uk>
- Date: Wed, 15 Feb 2006 16:13:45 -0000
- Cc: <tech_(_at_)_openbsd_(_dot_)_org>
- Thread-index: AcYyROK/XdAbNsqWT/WrPE2t06/lYwABFudA
Actually any user running X that can run xmodmap can disable console
switching on a key by key basis since the X is responsible for vt switching
once it's running...
xmodmap -pk | grep XF86_Switch_VT
this will return all the keycodes that are bound to the vt switches.
Lets say key 68 is returned for XF86_Switch_VT, it will look something like
68 0xffbf (F2) 0x1008fe02 (XF86_Switch_VT_2)
If you then..
xmodmap -e 'keycode 68=F2'
This will switch the vt switch off for that vt (from X, you will still be
able to switch to another text console and then switch back to vt2
The point is you can disable them all and re-enable them if you like from a
normal user already..
xmodmap -e 'keycode 68=F2 XF86_Switch_VT_2'
But we don't claim that giving anyone access to the console is secure anyway
so I don't see a problem with this :)
From: owner-tech_(_at_)_openbsd_(_dot_)_org [mailto:owner-tech_(_at_)_openbsd_(_dot_)_org] On Behalf Of
Sent: 15 February 2006 15:22
Subject: Re: [Patch] virtual consoles switching disabling
On Wed, Feb 15, 2006 at 03:17:09PM -0000, Andrew Smith wrote:
>It depends on your target for the IOCTL usage.
>If you want to lock screens on screensaver so that the vt can't be changed
>then you need to probably support an IOCTL since it is probable that the
>screensaver will run with insufficient privilege to sysctl.
>I know xscreensaver is setuid root normally but it does drop its privilege.
I don't think that's a problem. Non-root shouldn't be able to disable
console switching anyway (can you pronounce "DoS"?).
Frankly I see not much sense in this whole thing at all. Root can
disable logins, and besides that, why shouldn't authorized users be able