LCDproc development and user support list

Text archives Help

[Lcdproc] Idea for improving security

Chronological Thread 
  • From: gfk AT (Guillaume Filion)
  • Subject: [Lcdproc] Idea for improving security
  • Date: Thu Oct 24 03:44:01 2002

At 21:19 -0600 23/10/02, William W. Ferrell wrote:
>gfk AT
> wrote ---
>> While reading the qmail security page(1), I tried to imagine a way of
>> making LCDproc more secure. As it has been stated a long time ago in
>> this mailing list(2), because LCDd has access to the IO ports it
>> could be used to modifiy the content of hard drives or reboot the
>> machine (using a buffer overflow for example). Most of the solutions
>> I imagined were crap, but one thing seems interesting, I explain it
>> below.
>I thought we already had LCDproc drop root privileges after it opened up
>the I/O port(s) it needed, if any. If that's true, wouldn't an attacker be
>limited to only the I/O port attached to the physical display device?
>Or did I miss something more fundamental in how I/O ports work in Linux? :=

Oh yeah, I didn't realised that it wasn't possible to call
port_access after we drop the root privileges...
Well, I guess LCDproc is pretty secure after all! 8)

Allright, I'm going to sleep. 8)
Guillaume Filion
Logidac Tech., Beaumont, Qu=E9bec, Canada -
PGP Key and more: (this will redirect)

Archive powered by MHonArc 2.6.18.

Top of page