On Wednesday, July 20, 2016 8:47:45 PM CEST Michael Ellerman wrote: > At least for stdout-path, I can't really see how that would significantly help > an attacker, but I'm all ears if anyone has ideas. That's actually an easy one that came up before: If an attacker controls a tty device (e.g. network console) that can be used to enter a debugger (kdb, kgdb, xmon, ...), enabling that to be the console device gives you a direct attack vector. The same thing will happen if you have a piece of software that intentially gives extra rights to the owner of the console device by treating it as "physical presence". Arnd
