kern/141928: either xterm -C or ioctl TIOCCONS is broken
Dan Strick
mla_strick at att.net
Wed Dec 23 20:30:02 UTC 2009
>Number: 141928
>Category: kern
>Synopsis: either xterm -C or ioctl TIOCCONS is broken
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Dec 23 20:30:01 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Dan Strick <mla_strick at att.net>
>Release: FreeBSD 8.0-RELEASE i386
>Organization:
none
>Environment:
System: FreeBSD mist 8.0-RELEASE FreeBSD 8.0-RELEASE #5: Mon Dec 7 18:59:52 PST 2009 root at mist:/usr/src/sys/i386/compile/MIST_DEBUG i386
xterm-247
xorg 7.4
>Description:
The -C option to the xterm program is broken. It is supposed
to redirect console messages to the xterm window by issuing the
tty TIOCCONS ioctl for the xterm pty. This was working in
FreeBSD 6.1 (for example), but since then the ioctl seems to have
been modified to require root privilege and the xterm program has
been reconfigured to drop root privilege almost immediately after
starting.
The xterm program requires that /dev/console belongs to the
current effective user-id and this used to be all that the
TIOCCONS ioctl required. (Otherwise why does /etc/fbtab exist?)
>How-To-Repeat:
Make some non-root user the owner of /dev/console and do
"xterm -C" as that user. Then do something that generates console
output (e.g. plug in a usb device). Note that the output went
to the real console and not to the xterm window.
>Fix:
Either modify the TIOCCONS ioctl so that root privilege is not
required if /dev/console belongs to the current effective user-id
or rebuild xterm to not drop root privilege until it execs the
user's shell within the xterm window.
For example, as root:
1) cd /usr/ports/x11/xterm
2) Append "--enable-setuid" to the CONFIGURE_ARGS+= line
in the Makefile.
3) make install clean
Presumably someone thought they had good reasons for breaking
xterm -C. There are security issues buried here and xterm is
an extraordinarily messy program, but console output redirection
is a rather important feature.
Was it really necessary to castrate the TIOCCONS ioctl?
Reenabling this ioctl seems to be the simplest and least risky
way to fix xterm -C.
Playing games with /etc/syslog.conf is ugly and clumsy and doing
something like "tail -f /var/log/messages" in the xterm window
is ugly and clumsy and unreliable.
>Release-Note:
>Audit-Trail:
>Unformatted:
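Added example, not part of the original report and not code from xterm or FreeBSD: a small C diagnostic for the How-To-Repeat steps that issues TIOCCONS on a terminal and reports the errno, so the privilege refusal is visible instead of silently falling back to the real console. The function names are hypothetical, and the integer on/off argument follows the FreeBSD tty(4) convention.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <unistd.h>

/* Precondition from the report: /dev/console owned by the effective uid. */
int console_owned_by_euid(void)
{
    struct stat st;
    return stat("/dev/console", &st) == 0 && st.st_uid == geteuid();
}

/* Issue TIOCCONS on tty_path. Returns 0 if accepted, else the errno. */
int probe_tioccons(const char *tty_path)
{
    int on = 1, off = 0, err = 0;
    int fd = open(tty_path, O_RDWR | O_NOCTTY);
    if (fd < 0)
        return errno;
    if (ioctl(fd, TIOCCONS, &on) < 0)
        err = errno;
    else
        (void)ioctl(fd, TIOCCONS, &off);  /* tty(4): zero hands the console back */
    close(fd);
    return err;
}

const char *explain_tioccons(int err)
{
    switch (err) {
    case 0:      return "accepted: console output can be redirected";
    case EPERM:  return "refused: privilege required (behaviour in the report)";
    case ENOTTY: return "refused: not a terminal device";
    case EBUSY:  return "refused: another terminal already holds the console";
    default:     return strerror(err);
    }
}

int main(int argc, char **argv)
{
    const char *tty = argc > 1 ? argv[1] : ttyname(STDIN_FILENO);
    if (tty == NULL)
        return 2;                         /* no terminal given and stdin is not one */
    printf("owns /dev/console: %d; TIOCCONS on %s: %s\n",
           console_owned_by_euid(), tty, explain_tioccons(probe_tioccons(tty)));
    return 0;
}
```

Run it inside the xterm window as the non-root owner of /dev/console; "refused: privilege required" together with "owns /dev/console: 1" is the combination the report describes.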