A requirement for the current user to own ttys

Egmont Koblinger egmont at gmail.com
Sat Mar 11 09:37:26 UTC 2017


Hi,

> All you say about vcs* sounds reasonable, unfortunately according to the
code, the tty owner is the problem.

What do you mean the tty owner is the _problem_? What kind of problem?

I believe it's not the _problem_, it's the piece of information we rely on
to figure out if cons.saver is being run as a legitime user.

> Disregarding of what was the intention,  disregarding of what you were
trying to achieve and what security hole to close, do you think, that sort
of comparison is valid here?

I'm not aware of the details of the code and don't have time to dig into
it, sorry.

As far as I understand, your problem is: You expect that if the real user
is root, cons.saver should dutifully perform its role rather than bail out
due to some ownership mismatch. Am I right? If so, I believe it's a fair
request, although possible security implications should be double checked.
Could you please file a new bug for this?

Thanks,
egmont
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.midnight-commander.org/pipermail/mc-devel/attachments/20170311/557df2fa/attachment.html>


More information about the mc-devel mailing list