Security Bug in Virtual Terminal Driver (vt.c) ?!?

Stefan Reinauer (stepan@freiburg.linux.de)
Tue, 02 Dec 1997 13:06:15 +0100

Hi,

Imagine the following: A user changes the key mapping of the Linux
console
completely using loadkeys. He putīs some "echo "blabla" >/etc/passwd" on
any often used key. After that root logs in on the console and hits that
key. What happens? Exactly. Root has to deal with that exploited keymap.
It doesnīt matter which one of the virtual consoles she uses because
Linux
uses a shared keymap buffer for all these consoles.

But why should any user change the keyboard mapping at all? isnīt that a
point of system administration?

The following patches fix this problem for 2.0.32 and 2.1.69. They
permit
changing the keyboard mapping as a user.

Thanks to Roman Drahtmueller who wrote the 2.0 patch :-)

Please tell me your opinions about that...

BTW, the patches are uuencoded :-)

2.1.69 patch:
------------- 8< --------------------------
begin 644 vt.diff.2.1.69
M+2TM('9T+F,N;VQD"51U92!$96,@(#(@,3(Z-#@Z,30@,3DY-PHK*RL@=G0N
M8PE4=64@1&5C("`R(#$R.C0Y.C$P(#$Y.3<*0$`@+3(R,"PW("LR,C`L-R!`
M0`H@"0D@("`@=F%L(#T@*&D@/R!+7TA/3$4@.B!+7TY/4U5#2$U!4"D["B`)
M"7)E='5R;B!?7W!U=%]U<V5R*'9A;"P@)G5S97)?:V)E+3YK8E]V86QU92D[
M"B`)8V%S92!+1%-+0D5.5#H*+0D):68@*"%P97)M*0HK"0EI9B`H(7-U<V5R
M*"DI"B`)"0ER971U<FX@+45015)-.PH@"0EI9B`H(6D@)B8@=B`]/2!+7TY/
E4U5#2$U!4"D@>PH@"0D)+RH@9&ES86QL;V-A=&4@;6%P("HO"@``
`
end
----------------------------------------------

2.0.32 patch:

begin 644 vt.diff.2.0.32
M*BHJ(&1R:79E<G,O8VAA<B]V="YC+F]L9`E-;VX@1&5C("`Q(#`V.C,Y.C$Q
M(#$Y.3<-"BTM+2!D<FEV97)S+V-H87(O=G0N8PE-;VX@1&5C("`Q(#`V.C,X
M.C4V(#$Y.3<-"BHJ*BHJ*BHJ*BHJ*BHJ*@T**BHJ(#0T,BPT-#@@*BHJ*@T*
M("`)"75?8VAA<B!S.PT*("`)"75?<VAO<G0@=BP@;W8[#0H@(`T*(2`)"6EF
M("@A<&5R;2D-"B`@"0D)<F5T=7)N("U%4$5233L-"B`@"0EI(#T@=F5R:69Y
M7V%R96$H5D5224997U)%040L("AC;VYS="!V;VED("HI82P@<VEZ96]F*'-T
M<G5C="!K8F5N=')Y*2D[#0H@(`D):68@*&DI#0HM+2T@-#0R+#0T.2`M+2TM
M#0H@(`D)=5]C:&%R(',[#0H@(`D)=5]S:&]R="!V+"!O=CL-"B`@#0HA("\J
M"0EI9B`H(7!E<FTI("!R96UO=F5D(&)Y(%)O;6%N($1R86AT;75E;&QE<B`\
M9')A:'1`=6YI+69R96EB=7)G+F1E/BP@.3<Q,C`Q("HO#0HA(&EF("@A<W5S
M97(H*2D-"B`@"0D)<F5T=7)N("U%4$5233L-"B`@"0EI(#T@=F5R:69Y7V%R
M96$H5D5224997U)%040L("AC;VYS="!V;VED("HI82P@<VEZ96]F*'-T<G5C
:="!K8F5N=')Y*2D[#0H@(`D):68@*&DI#0H`
`
end

-------------------------------------------

Stefan.

-- 
All extremists should be taken out and shot.