Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751504AbVJRVTZ (ORCPT ); Tue, 18 Oct 2005 17:19:25 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1751492AbVJRVTZ (ORCPT ); Tue, 18 Oct 2005 17:19:25 -0400 Received: from [193.22.164.111] ([193.22.164.111]:49798 "EHLO vserver151.vserver151.serverflex.de") by vger.kernel.org with ESMTP id S1751504AbVJRVTZ (ORCPT ); Tue, 18 Oct 2005 17:19:25 -0400 Date: Tue, 18 Oct 2005 23:19:53 +0200 To: Horms Cc: linux-kernel@vger.kernel.org, security@kernel.org, secure-testing-team@lists.alioth.debian.org, 334113@bugs.debian.org, Rudolf Polzer , Alastair McKinstry , team@security.debian.org Subject: Re: [Secure-testing-team] kernel allows loadkeys to be used by any user, allowing for local root compromise Message-ID: <20051018211953.GA5374@informatik.uni-bremen.de> References: <20051018044146.GF23462@verge.net.au> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20051018044146.GF23462@verge.net.au> User-Agent: Mutt/1.5.11 From: Moritz Muehlenhoff X-SA-Exim-Connect-IP: 82.83.201.0 X-SA-Exim-Mail-From: jmm@inutil.org X-SA-Exim-Scanned: No (on vserver151.vserver151.serverflex.de); SAEximRunCond expanded to false Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 542 Lines: 14 Horms wrote: > > The non-suid command "loadkeys" can be used by any local user having > > console access. It does not just apply to the current virtual console > > but to all virtual consoles and its effect persists even after logout. This has been assigned CAN-2005-3257. Cheers, Moritz - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/