LCDproc development and user support list

Text archives Help

[Lcdproc] Idea for improving security

Chronological Thread 
  • From: wwf AT (William W. Ferrell)
  • Subject: [Lcdproc] Idea for improving security
  • Date: Thu Oct 24 03:20:01 2002

gfk AT
wrote ---
> Hi all,
> While reading the qmail security page(1), I tried to imagine a way of
> making LCDproc more secure. As it has been stated a long time ago in
> this mailing list(2), because LCDd has access to the IO ports it
> could be used to modifiy the content of hard drives or reboot the
> machine (using a buffer overflow for example). Most of the solutions
> I imagined were crap, but one thing seems interesting, I explain it
> below.

I thought we already had LCDproc drop root privileges after it opened up
the I/O port(s) it needed, if any. If that's true, wouldn't an attacker be
limited to only the I/O port attached to the physical display device?

Or did I miss something more fundamental in how I/O ports work in Linux? :)

Archive powered by MHonArc 2.6.18.

Top of page