[fpc-devel] Linux kernel behaviour change regarding keyboard

Marco van de Voort marcov at stack.nl
Wed Jul 18 17:42:30 CEST 2007


> On Wed, 18 Jul 2007, Marco van de Voort wrote:
> 
> > > On 18 Jul 2007, at 14:08, Jonas Maebe wrote:
> > > 
> > > >> Install the IDE setuid.
> > > >
> > > > That would be an extremely bad idea with the current stability  
> > > > record of the IDE.
> > > 
> > > Not to mention that it allows you to open and overwrite any arbitrary  
> > > file.
> > 
> > Yes. Just like we all have for decades. And no, it is not ideal, but
> > apparantly that is what the kernel devels want as the only way to access the
> > full terminal capability.
> 
> You cannot distribute a tool which creates a security hole as large as from
> here till Tokio. That would not look good the day it is discovered, and
> arguments like "the kernel forcing us to do so" will not help us then.

What is the security hole exactly?
 
Or does Linux allow any user to change kbd, even if he is not on the
console?



More information about the fpc-devel mailing list