author: Matthieu Herrb <matthieu@cvs.openbsd.org> 2017-10-04 18:29:00 +0000
committer: Matthieu Herrb <matthieu@herrb.eu> 2020-07-14 15:52:39 +0200
commit: 632309b2899b5e67d5c9224e9700db48ef0ed2ed
tree: a4ecfe94fd544e0332178797a66e4f9a0f3e4d72
parent: e34d49ac07b53ce4f4dc58010fcc940dba6a2bcf
chown before chmod
This prevents a malicious user logging out from calling chmod while still owning /dev/console and thus by-passing the '622' mode that is set here. Issue reported by Tim Chase. Thanks. Merged from xdm upstreams
-rw-r--r-- config/TakeConsole 4
1 files changed, 2 insertions, 2 deletions
diff --git a/config/TakeConsole b/config/TakeConsole
index 7b08050..7cce126 100644
--- a/config/TakeConsole
+++ b/config/TakeConsole
@@ -1,10 +1,10 @@
#!/bin/sh
# Reassign ownership of the console to root, this should disallow
# assignment of console output to any random users's xterm
-# $OpenBSD: TakeConsole,v 1.5 2015/01/25 21:51:20 jca Exp $
+# $OpenBSD: TakeConsole,v 1.2 2017/10/04 18:28:59 matthieu Exp $
#
-chmod 622 /dev/console
chown root /dev/console
+chmod 622 /dev/console
if [ -c /dev/drm0 ]; then
chown root /dev/drm0
fi
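Review bot: nothing near the reordered `chown root /dev/console` / `chmod 622 /dev/console` pair says that the order is security-relevant, and `chmod` still runs unconditionally if `chown` fails, which would leave the 622 mode on a device the previous user may still own and can re-chmod. Consider a one-line comment above the `chown` stating that ownership must be taken first, and chaining the two as `chown root /dev/console && chmod 622 /dev/console` so a failed ownership change is not silently followed by the mode change. Separately, the `$OpenBSD$` tag goes from `v 1.5` (2015) to `v 1.2` (2017); worth confirming that the lower revision number is expected for this file.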