From ed@hoeg.nl  Sat Jun 10 19:52:29 2006
Return-Path: <ed@hoeg.nl>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 90D3116A418
	for <FreeBSD-gnats-submit@freebsd.org>; Sat, 10 Jun 2006 19:52:29 +0000 (UTC)
	(envelope-from ed@hoeg.nl)
Received: from palm.hoeg.nl (mx0.hoeg.nl [83.98.131.211])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 6DAD543D81
	for <FreeBSD-gnats-submit@freebsd.org>; Sat, 10 Jun 2006 19:52:28 +0000 (GMT)
	(envelope-from ed@hoeg.nl)
Received: by palm.hoeg.nl (Postfix, from userid 1000)
	id CE1251706B; Sat, 10 Jun 2006 21:52:26 +0200 (CEST)
Message-Id: <20060610195226.CE1251706B@palm.hoeg.nl>
Date: Sat, 10 Jun 2006 21:52:26 +0200 (CEST)
From: Ed Schouten <ed@fxq.nl>
Reply-To: Ed Schouten <ed@fxq.nl>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: [syscons] Add sysctl to disallow VT_LOCKSWITCH
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         98788
>Category:       kern
>Synopsis:       [syscons] [patch] Add sysctl to disallow VT_LOCKSWITCH
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sat Jun 10 20:00:30 GMT 2006
>Closed-Date:    
>Last-Modified:  Sat Jun 10 20:31:56 GMT 2006
>Originator:     Ed Schouten
>Release:        FreeBSD 5.5-STABLE i386
>Organization:
Dispuut Interlink
>Environment:
System: FreeBSD palm.hoeg.nl 5.5-STABLE FreeBSD 5.5-STABLE #0: Mon May 29 10:55:24 CEST 2006 root@palm.hoeg.nl:/usr/obj/usr/src/sys/PALM i386
>Description:
The VT_LOCKSWITCH ioctl for syscons allows a user to disable the Alt Fx
functionality of the terminal. The lock(1) utility also uses this ioctl
when '-v' is passed as an argument.

Though very useful to entirely lock a machine, it may be unwanted (a
public machine). A sysctl to only allow this ioctl to super-users would
be very useful.
>How-To-Repeat:
Run lock -v on a machine with a lot of users. Other users get mad at you
because they want to log in.
>Fix:
The following patch adds a sysctl that allows you to limit this ioctl's
usage to super-users only.

%%%
--- sys/dev/syscons/syscons.c	Sat Jun 10 21:21:39 2006
+++ sys/dev/syscons/syscons.c	Sat Jun 10 21:31:06 2006
@@ -112,6 +112,8 @@
 static	int		saver_mode = CONS_NO_SAVER; /* LKM/user saver */
 static	int		run_scrn_saver = FALSE;	/* should run the saver? */
 static	int		enable_bell = TRUE; /* enable beeper */
+			/* locking terminal when unprivileged */
+static	int		unprivileged_lockswitch = TRUE;
 
 #ifndef SC_DISABLE_REBOOT
 static  int		enable_reboot = TRUE; /* enable keyboard reboot */
@@ -136,6 +138,9 @@
     &sc_saver_keyb_only, 0, "screen saver interrupted by input only");
 SYSCTL_INT(_hw_syscons, OID_AUTO, bell, CTLFLAG_RW, &enable_bell, 
     0, "enable bell");
+SYSCTL_INT(_hw_syscons, OID_AUTO, unprivileged_lockswitch, CTLFLAG_RW,
+    &unprivileged_lockswitch, 0,
+    "allow terminal switch locking when unprivileged");
 #ifndef SC_DISABLE_REBOOT
 SYSCTL_INT(_hw_syscons, OID_AUTO, kbd_reboot, CTLFLAG_RW|CTLFLAG_SECURE, &enable_reboot,
     0, "enable keyboard reboot");
@@ -1059,6 +1064,11 @@
 	return 0;
 
     case VT_LOCKSWITCH:		/* prevent vty switching */
+	if (unprivileged_lockswitch == 0) {
+		error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL);
+		if (error)
+			return (EPERM);
+	}
 	if ((*(int *)data) & 0x01)
 	    sc->flags |= SC_SCRN_VTYLOCK;
 	else
%%%
>Release-Note:
>Audit-Trail:
>Unformatted:
