[fpc-devel] Linux kernel behaviour change regarding keyboard

Daniël Mantione daniel.mantione at freepascal.org
Wed Jul 18 20:45:12 CEST 2007

Op Wed, 18 Jul 2007, schreef Sergei Gorelkin:

> Jonas Maebe wrote:
> > 
> > On 18 Jul 2007, at 14:08, Jonas Maebe wrote:
> > 
> > > > Install the IDE setuid.
> > > 
> > > That would be an extremely bad idea with the current stability record
> > > of the IDE.
> > 
> > Not to mention that it allows you to open and overwrite any arbitrary
> > file.
> > 
> Looking at that kernel patch, I see that it requires not uid=0, but rather
> certain caller's capability present.
> I don't have deep knowledge of the subject, but 'capability' sounds like
> 'privilege' (in Windows terms) for me. If it is so, then probably there is a
> way to solve the problem by assigning the required capability to IDE user(s)
> or process.

Yes, you need a certain capability, but in practise this means you must 
be root. This is because:

* You can only drop a capability, not get a capability as a process.
* Root has all capabilities, users don't have any capabilities.

However, there is the SETPCAP capability, where a process can set the 
capabilities of another process. So, a setuid helper program cuild assign 
the needed capability if certain conditions are met. Unfortunately due to 
a security hole SETPCAP has been revoked from even root. Without kernel 
modification this possible solution is unfortunately sabotaged.


More information about the fpc-devel mailing list