kern/98788: [syscons] Add sysctl to disallow VT_LOCKSWITCH
Ed Schouten
ed at fxq.nl
Sat Jun 10 20:03:41 UTC 2006
>Number: 98788
>Category: kern
>Synopsis: [syscons] Add sysctl to disallow VT_LOCKSWITCH
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Sat Jun 10 20:00:30 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Ed Schouten
>Release: FreeBSD 5.5-STABLE i386
>Organization:
Dispuut Interlink
>Environment:
System: FreeBSD palm.hoeg.nl 5.5-STABLE FreeBSD 5.5-STABLE #0: Mon May 29 10:55:24 CEST 2006 root at palm.hoeg.nl:/usr/obj/usr/src/sys/PALM i386
>Description:
The VT_LOCKSWITCH ioctl for syscons allows a user to disable the Alt Fx
functionality of the terminal. The lock(1) utility also uses this ioctl
when '-v' is passed as an argument.
Though very useful to entirely lock a machine, it may be unwanted (a
public machine). A sysctl to only allow this ioctl to super-users would
be very useful.
>How-To-Repeat:
Run lock -v on a machine with a lot of users. Other users get mad at you
because they want to log in.
>Fix:
The following patch adds a sysctl that allows you to limit this ioctl's
usage to super-users only.
%%%
--- sys/dev/syscons/syscons.c Sat Jun 10 21:21:39 2006
+++ sys/dev/syscons/syscons.c Sat Jun 10 21:31:06 2006
@@ -112,6 +112,8 @@
static int saver_mode = CONS_NO_SAVER; /* LKM/user saver */
static int run_scrn_saver = FALSE; /* should run the saver? */
static int enable_bell = TRUE; /* enable beeper */
+ /* locking terminal when unprivileged */
+static int unprivileged_lockswitch = TRUE;
#ifndef SC_DISABLE_REBOOT
static int enable_reboot = TRUE; /* enable keyboard reboot */
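Review bot: The comment added above unprivileged_lockswitch ("locking terminal when unprivileged") does not say which value permits what, and it sits on its own line while the neighbouring variables carry a trailing comment. Suggest wording that states the meaning of the default, for example "allow VT_LOCKSWITCH without privilege", placed in the same style as saver_mode, run_scrn_saver and enable_bell. Defaulting to TRUE keeps the current behaviour, which is worth saying in the commit message.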
@@ -136,6 +138,9 @@
&sc_saver_keyb_only, 0, "screen saver interrupted by input only");
SYSCTL_INT(_hw_syscons, OID_AUTO, bell, CTLFLAG_RW, &enable_bell,
0, "enable bell");
+SYSCTL_INT(_hw_syscons, OID_AUTO, unprivileged_lockswitch, CTLFLAG_RW,
+ &unprivileged_lockswitch, 0,
+ "allow terminal switch locking when unprivileged");
#ifndef SC_DISABLE_REBOOT
SYSCTL_INT(_hw_syscons, OID_AUTO, kbd_reboot, CTLFLAG_RW|CTLFLAG_SECURE, &enable_reboot,
0, "enable keyboard reboot");
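Review bot: The new hw.syscons.unprivileged_lockswitch OID is declared with CTLFLAG_RW only, while kbd_reboot directly below uses CTLFLAG_RW|CTLFLAG_SECURE. Since this knob gates a privilege decision, consider whether it should carry CTLFLAG_SECURE as well, so that the restriction cannot be relaxed once the securelevel is raised; if leaving it out is deliberate, a short note on why would help. The description string could also name the ioctl (VT_LOCKSWITCH) so the sysctl is easy to find from the ioctl name.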
@@ -1059,6 +1064,11 @@
return 0;
case VT_LOCKSWITCH: /* prevent vty switching */
+ if (unprivileged_lockswitch == 0) {
+ error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL);
+ if (error)
+ return (EPERM);
+ }
if ((*(int *)data) & 0x01)
sc->flags |= SC_SCRN_VTYLOCK;
else
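Review bot: The suser_cred() call in the VT_LOCKSWITCH case passes SUSER_ALLOWJAIL, so root inside a jail passes the check even when unprivileged_lockswitch is 0; for a lock that affects the whole console, plain suser(td) or a flags value of 0 may be the intended policy. The check also sits before the "& 0x01" test, so it gates clearing SC_SCRN_VTYLOCK as well as setting it: if the sysctl is switched to 0 while an unprivileged user holds the lock, only a super-user can release it, which should be documented or the check limited to the set path. Minor: the value returned by suser_cred() is discarded in favour of a hard-coded EPERM; "return (error);" is shorter and keeps whatever the call reported.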
%%%
>Release-Note:
>Audit-Trail:
>Unformatted: