On Tue, Mar 01, 2005 at 08:17:47AM -0800, Linus Torvalds wrote: > On Tue, 1 Mar 2005, Vojtech Pavlik wrote: > > > > A nonprivileged user could inject mouse movement and/or keystrokes > > (using the sunkbd driver) into the input subsystem, taking over the > > console/X, where another user is logged in. > > > > Simply using a slightly modified inputattach on a PTY will do the trick. > > Might an alternative be to just make writes to N_MOUSE require privileges? > > Ie "reading is ok, and changing to N_MOUSE is ok, but tryign to write a > mouse packet is not"? The check should be easy enough to add to the > ldisc.write thing? No, since you wouldn't write anything to the device, the writes would happen on the other end of the pty.
-- Vojtech Pavlik SuSE Labs, SuSE CR - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/