From mla_strick@att.net  Wed Dec 23 20:29:38 2009
Message-Id: <200912232002.nBNK2vkL010892@mist.nodomain>
Date: Wed, 23 Dec 2009 12:02:57 -0800 (PST)
From: Dan Strick <mla_strick@att.net>
Reply-To: Dan Strick <mla_strick@att.net>
To: FreeBSD-gnats-submit@freebsd.org
Cc: mla@mist.nodomain
Subject: either xterm -C or ioctl TIOCCONS is broken
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         141928
>Category:       kern
>Synopsis:       [libteken] either xterm -C or ioctl TIOCCONS is broken
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    ed
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Dec 23 20:30:01 UTC 2009
>Closed-Date:    
>Last-Modified:  Wed Dec 30 23:40:06 UTC 2009
>Originator:     Dan Strick <mla_strick@att.net>
>Release:        FreeBSD 8.0-RELEASE i386
>Organization:
none
>Environment:
System: FreeBSD mist 8.0-RELEASE FreeBSD 8.0-RELEASE #5: Mon Dec 7 18:59:52 PST 2009 root@mist:/usr/src/sys/i386/compile/MIST_DEBUG i386
xterm-247
xorg 7.4
>Description:
	The -C option to the xterm program is broken.  It is supposed
	to redirect console messages to the xterm window by issuing the
	tty TIOCCONS ioctl for the xterm pty.  This was working in
	FreeBSD 6.1 (for example), but since then the ioctl seems to have
	been modified to require root privilege and the xterm program has
	been reconfigured to drop root privilege almost immediately after
	starting.
	The xterm program requires that /dev/console belongs to the
	current effective user-id and this used to be all that the
	TIOCCONS ioctl required.  (Otherwise why does /etc/fbtab exist?)
>How-To-Repeat:
	Make some non-root user the owner of /dev/console and do
	"xterm -C" as that user.  Then do something that generates console
	output (e.g. plug in a usb device).  Note that the output went
	to the real console and not to the xterm window.
>Fix:
	Either modify the TIOCCONS ioctl so that root privilege is not
	required if /dev/console belongs to the current effective user-id
	or rebuild xterm to not drop root privilege until it execs the
	user's shell within the xterm window.
	For example, as root:
	  1) cd /usr/ports/x11/xterm
	  2) Append "--enable-setuid" to the CONFIGURE_ARGS+= line
		in the Makefile.
	  3) make install clean

	Presumably someone thought they had good reasons for breaking
	xterm -C.  There are security issues buried here and xterm is
	an extraordinarily messy program, but console output redirection
	is a rather important feature.

	Was it really necessary to castrate the TIOCCONS ioctl?
	Re-enabling this ioctl seems to be the simplest and least risky
	way to fix xterm -C.

	Playing games with /etc/syslog.conf is ugly and clumsy and doing
	something like "tail -f /var/log/messages" in the xterm window
	is ugly and clumsy and unreliable.
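	An added diagnostic, not part of the PR or of xterm itself, that separates the report's two hypotheses: it performs the /dev/console ownership check xterm -C makes and then issues TIOCCONS on the controlling tty, reporting EPERM when the kernel insists on root. It assumes a FreeBSD-style int argument to TIOCCONS and an openable /dev/tty; the function names are the author's own.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <unistd.h>

/* The check xterm -C makes before trying TIOCCONS: is /dev/console owned
 * by the effective uid?  1 = yes, 0 = no, -1 = stat() failed. */
int owned_by_euid(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    return st.st_uid == geteuid();
}

/* Issue TIOCCONS on fd; returns 0 on success, else errno:
 *   EPERM  - kernel insists on superuser privilege (the PR's complaint)
 *   ENOTTY - fd is not a terminal, EBADF - fd is not open.
 * FreeBSD takes an int flag (non-zero = redirect, 0 = release). */
int try_tioccons(int fd, int on)
{
    return ioctl(fd, TIOCCONS, &on) == 0 ? 0 : errno;
}

int main(void)
{
    int owned = owned_by_euid("/dev/console");
    printf("/dev/console owned by euid %d: %s\n", (int)geteuid(),
           owned == 1 ? "yes" : owned == 0 ? "no" : "cannot stat");
    int fd = open("/dev/tty", O_RDWR);
    if (fd < 0) {
        printf("no controlling tty: %s\n", strerror(errno));
        return 1;
    }
    int err = try_tioccons(fd, 1);
    if (err == 0) {
        puts("TIOCCONS accepted: unprivileged redirection works here");
#ifdef __FreeBSD__
        try_tioccons(fd, 0);    /* release the redirection again */
#endif
    } else {
        printf("TIOCCONS failed: %s%s\n", strerror(err),
               err == EPERM ? " (kernel requires root)" : "");
    }
    close(fd);
    return err == 0 ? 0 : 1;
}
```

	Run it as the non-root owner of /dev/console: "yes" followed by an EPERM failure reproduces the situation the report describes.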
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->ed 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Wed Dec 23 20:32:18 UTC 2009 
Responsible-Changed-Why:  
ed, can you advise please?  I'm guessing at the categorization. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=141928 

From: Ed Schouten <ed@80386.nl>
To: bug-followup@FreeBSD.org, mla_strick@att.net
Cc:  
Subject: Re: kern/141928: [libteken] either xterm -C or ioctl TIOCCONS is broken
Date: Sat, 26 Dec 2009 14:38:00 +0100

 Hello Dan,
 
 The reason why I changed it to the way it is right now, is because it's
 more in line with the futuristic security model we'll hopefully gain in
 the future. Letting the permission to use TIOCCONS depend on the file
 attributes of a random character device surely isn't the way to go.
 
 Robert Watson and I discussed this and I am considering adding a sysctl
 to the kernel to allow TIOCCONS to be used without any superuser
 privileges. Would that suit your needs?
 
 Merry Christmas,
 -- 
  Ed Schouten <ed@80386.nl>
  WWW: http://80386.nl/
 

From: Dan Strick <mla_strick@att.net>
To: bug-followup@freebsd.org, ed@80386.nl
Cc: mla@mist.nodomain
Subject: Re: kern/141928: either xterm -C or ioctl TIOCCONS is broken
Date: Wed, 30 Dec 2009 15:35:35 -0800 (PST)

 > Letting the permission to use TIOCCONS depend on the file
 > attributes of a random character device surely isn't the way to go.
 >
 > Robert Watson and I discussed this and I am considering adding a sysctl
 > to the kernel to allow TIOCCONS to be used without any superuser
 > privileges. Would that suit your needs?
 
 That should work for me since I am the only person who can log onto my
 workstation (assuming I can set the sysctl in /boot/loader.conf).
 A public workstation might need finer control over the privilege.
 
 Dan Strick

From: Ed Schouten <ed@80386.nl>
To: Dan Strick <mla_strick@att.net>
Cc: bug-followup@freebsd.org
Subject: Re: kern/141928: either xterm -C or ioctl TIOCCONS is broken
Date: Thu, 31 Dec 2009 00:38:20 +0100

 * Dan Strick <mla_strick@att.net> wrote:
 > That should work for me since I am the only person who can log onto my
 > workstation (assuming I can set the sysctl in /boot/loader.conf).
 > A public workstation might need finer control over the privilege.
 
 Sure, but that's hopefully something the TrustedBSD folks could provide
 in the future. I'll write a patch one of these days.
 
 Happy new year,
 -- 
  Ed Schouten <ed@80386.nl>
  WWW: http://80386.nl/
 
>Unformatted:
