Your message dated Tue, 15 Mar 2016 14:10:52 +0100 with message-id <[email protected]> and subject line Re: Bug#818118: security-tracker: It's possible for any user to steal root console output has caused the Debian Bug report #818118, regarding security-tracker: It's possible for any user to steal root console output to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.)

--
818118: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818118
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: security-tracker
Severity: normal

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?
   * What exactly did you do (or not do) that was effective (or ineffective)?
   * What was the outcome of this action?

1. Open root console
2. apt-get any framebuffer grabbing utility (e.g. fbgrab)
3. switch to a graphical interface of any other user
4. run "fbgrab /path/whatever.png"
5. Now you've got a root console output, with possibly its secret information

   * What outcome did you expect instead?

This may sound ridiculous but I don't want regular users to be able to watch over another user's consoles. Especially root console. You know, anyone on the computer can just launch a script that will grab the root console output continuously, revealing everything the root was doing.

*** End of the template - remove these template lines ***

This may be hardware-specific, so in this case - I'm using AMD graphics card with "radeon" driver.

-- System Information:
Debian Release: 8.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 3.16.0-4-686-pae (SMP w/2 CPU cores)
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---
Hi,

On Mon, Mar 14, 2016 at 02:08:06AM +0500, nomatter wrote:
> Package: security-tracker
> Severity: normal
>
> Dear Maintainer,
>
> *** Reporter, please consider answering these questions, where appropriate ***
>
>    * What led up to the situation?
>    * What exactly did you do (or not do) that was effective (or
>      ineffective)?
>    * What was the outcome of this action?
>
> 1. Open root console
> 2. apt-get any framebuffer grabbing utility (e.g. fbgrab)
> 3. switch to a graphical interface of any other user
> 4. run "fbgrab /path/whatever.png"
> 5. Now you've got a root console output, with possibly its secret information
>
>    * What outcome did you expect instead?
>
> This may sound ridiculous but I don't want regular users to be able
> to watch over another user's consoles. Especially root console. You
> know, anyone on the computer can just launch a script that will grab
> the root console output continuously, revealing everything the root
> was doing.
>
> *** End of the template - remove these template lines ***
> This may be hardware-specific, so in this case - I'm using AMD
> graphics card with "radeon" driver.

This is not a bug in the security-tracker.

Regards,
Salvatore
--- End Message ---
