[fpc-devel] Linux kernel behaviour change regarding keyboard

Daniël Mantione daniel.mantione at freepascal.org
Wed Jul 18 20:45:12 CEST 2007



On Wed, 18 Jul 2007, Sergei Gorelkin wrote:

> Jonas Maebe wrote:
> >
> > On 18 Jul 2007, at 14:08, Jonas Maebe wrote:
> >
> > > > Install the IDE setuid.
> > >
> > > That would be an extremely bad idea with the current stability record
> > > of the IDE.
> >
> > Not to mention that it allows you to open and overwrite any arbitrary
> > file.
> >
>
> Looking at that kernel patch, I see that it requires not uid=0, but rather
> certain caller's capability present.
> I don't have deep knowledge of the subject, but 'capability' sounds like
> 'privilege' (in Windows terms) for me. If it is so, then probably there is a
> way to solve the problem by assigning the required capability to IDE user(s)
> or process.

Yes, you need a certain capability, but in practice this means you must
be root. This is because:

* You can only drop a capability, not get a capability as a process.
* Root has all capabilities, users don't have any capabilities.

However, there is the SETPCAP capability, where a process can set the
capabilities of another process. So, a setuid helper program could assign
the needed capability if certain conditions are met. Unfortunately due to
a security hole SETPCAP has been revoked from even root. Without kernel
modification this possible solution is unfortunately sabotaged.

Daniël
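
An added example, not part of the original message: a small C check of whether a process holds a given capability, such as the SETPCAP capability discussed above, by decoding the hexadecimal capability masks that Linux exposes in /proc/<pid>/status. The status text is a constructed sample, and the helper names `cap_mask` and `has_cap` are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CAP_SETPCAP_BIT 8 /* value of CAP_SETPCAP in <linux/capability.h> */

/* Constructed sample: capability lines as they appear in /proc/<pid>/status
 * for an unprivileged process whose bounding set lacks CAP_SETPCAP. */
static const char SAMPLE_STATUS[] =
    "Name:\tide\n"
    "CapInh:\t0000000000000000\n"
    "CapPrm:\t0000000000000000\n"
    "CapEff:\t0000000000000000\n"
    "CapBnd:\tfffffffffffffeff\n";

/* Parse the hex mask following `field` at the start of a line.
 * Returns 0 on success, -1 if the field is missing or has no digits. */
int cap_mask(const char *status, const char *field, unsigned long long *out)
{
    size_t n = strlen(field);
    for (const char *line = status; line && *line; ) {
        if (strncmp(line, field, n) == 0) {
            char *end;
            *out = strtoull(line + n, &end, 16);
            return end == line + n ? -1 : 0;
        }
        line = strchr(line, '\n');
        if (line) line++;
    }
    return -1;
}

/* 1 if capability `bit` is set in `field`, 0 if clear, -1 if unknown. */
int has_cap(const char *status, const char *field, int bit)
{
    unsigned long long mask;
    if (cap_mask(status, field, &mask) != 0) return -1;
    return (int)((mask >> bit) & 1ULL);
}

int main(void)
{
    const char *sets[] = { "CapPrm:", "CapEff:", "CapBnd:" };
    for (int i = 0; i < 3; i++)
        printf("%s CAP_SETPCAP=%d\n", sets[i], has_cap(SAMPLE_STATUS, sets[i], CAP_SETPCAP_BIT));
    return 0;
}
```

To inspect a live process, pass the contents of its /proc/<pid>/status file to `has_cap` in place of the constructed sample.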