[fpc-devel] Linux kernel behaviour change regarding keyboard

Daniël Mantione daniel.mantione at freepascal.org
Wed Jul 18 20:52:35 CEST 2007



On Wed, 18 Jul 2007, Michael Van Canneyt wrote:

> On Wed, 18 Jul 2007, Aleš Katona wrote:
> 
> > Why? You have your good ol' PING doing it. I agree tho that if a wrapper
> > can do it for us it's safest. Or if the ide can do it on start, and
> > always setuid(userid) itself right after setting the proper things. I
> > don't see a problem with ANY program being setuid if it has a proper
> > reason, and is audited for it.
> > 
> > But as I said a wrapper, or if there's a non-setuid way then of course
> > that should be used.
> 
> Under the assumption a setuid root program is the only possible option:
> 
> The safest - and in my opinion only correct - way is to write a small setuid 
> root program which sets the proper TTY stuff, and then executes the IDE as 
> the normal user.
> 
> The program can easily be audited, as it'll be maybe 50 lines of code...

If the user switches VT, the keyboard needs to be unpatched. So this 
approach won't fully work. However, a solution that can work is to make 
the keyboard unit execute a setuid root helper to which it communicates 
through a pipe.

Daniël
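
The helper-over-a-pipe design proposed above, sketched as an added example that is not code from this thread or from FPC: the helper treats the pipe as untrusted input, accepts only two fixed one-byte commands, and always restores the keyboard when the pipe closes or a bad byte arrives. The command bytes ('P', 'U') and all names are assumptions, and the privileged TTY change itself, which the thread does not spell out, is passed in as a callback (here a recording stand-in).

```c
/* Added example: command loop of a setuid helper driven over a pipe.
   Protocol bytes and names are assumptions, not FPC's actual design. */
#include <errno.h>
#include <unistd.h>

enum kbd_state { KBD_NORMAL = 0, KBD_PATCHED = 1 };

/* Performs the privileged change; returns 0 on success. */
typedef int (*kbd_apply_fn)(enum kbd_state wanted);

/* Map an untrusted byte to a state; -1 for anything off the allow-list. */
static int parse_command(unsigned char c)
{
    switch (c) {
    case 'P': return KBD_PATCHED;   /* client's VT became active */
    case 'U': return KBD_NORMAL;    /* client's VT was switched away */
    default:  return -1;
    }
}

/* Serve commands from fd until EOF. Returns 0 on clean EOF, -1 on a rejected
   byte, read error or failed apply. The keyboard is restored before
   returning, so a crashed or hostile client cannot leave it patched. */
static int serve_commands(int fd, kbd_apply_fn apply)
{
    enum kbd_state cur = KBD_NORMAL;
    int rc = 0;
    for (;;) {
        unsigned char c;
        ssize_t n = read(fd, &c, 1);
        if (n == 0) break;                            /* pipe closed */
        if (n < 0) { if (errno == EINTR) continue; rc = -1; break; }
        int wanted = parse_command(c);
        if (wanted < 0) { rc = -1; break; }           /* unknown byte: stop */
        if ((enum kbd_state)wanted == cur) continue;  /* already in that state */
        if (apply((enum kbd_state)wanted) != 0) { rc = -1; break; }
        cur = (enum kbd_state)wanted;
    }
    if (cur == KBD_PATCHED && apply(KBD_NORMAL) != 0) rc = -1;
    return rc;
}

/* Stand-in callback (constructed for the demo): records each transition
   instead of touching a TTY. */
static int trace[8], trace_len;
static int record_apply(enum kbd_state wanted)
{
    if (trace_len < 8) trace[trace_len++] = wanted;
    return 0;
}

int main(void) { return serve_commands(STDIN_FILENO, record_apply) ? 1 : 0; }
```

Because the protocol carries no parameters, the unprivileged side can only ask for one of two states; it cannot choose a device, a mode value or a path for the root process to act on.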

