[fpc-devel] Linux kernel behaviour change regarding keyboard

Michael Van Canneyt michael at freepascal.org
Wed Jul 18 21:20:10 CEST 2007



On Wed, 18 Jul 2007, Daniël Mantione wrote:

> 
> 
> On Wed, 18 Jul 2007, Michael Van Canneyt wrote:
> 
> > 
> > 
> > On Wed, 18 Jul 2007, Daniël Mantione wrote:
> > 
> > > 
> > > 
> > > On Wed, 18 Jul 2007, Michael Van Canneyt wrote:
> > > 
> > > > On Wed, 18 Jul 2007, Aleš Katona wrote:
> > > > 
> > > > > Why? You have your good ol' PING doing it. I agree tho that if a wrapper
> > > > > can do it for us it's safest. Or if the ide can do it on start, and
> > > > > always setuid(userid) itself right after setting the proper things. I
> > > > > don't see a problem with ANY program being setuid if it has a proper
> > > > > reason, and is audited for it.
> > > > > 
> > > > > But as I said a wrapper, or if there's a non-setuid way then of course
> > > > > that should be used.
> > > > 
> > > > Under the assumption a setuid root program is the only possible option:
> > > > 
> > > > The safest - and in my opinion only correct - way is to write a small setuid 
> > > > root program which sets the proper TTY stuff, and then executes the IDE as 
> > > > the normal user.
> > > > 
> > > > The program can easily be audited, as it'll be maybe 50 lines of code...
> > > 
> > > If the user switches VT, the keyboard needs to be unpatched. So this 
> > > approach won't fully work. However, a solution that can work is to make 
> > > the keyboard unit execute a setuid root helper to which it communicates 
> > > through a pipe.
> > 
> > I object to this; the keyboard unit should not be able to do this in the
> > first place. It's supposed to be read-only. If the Linux kernel does not
> > allow you any more to trap some weird key combinations unless you are root, 
> > well then that's it... If you want to use these keys, you'll have to run your
> > programs as root...
> > 
> > Or use a GUI IDE like Lazarus...
> 
> You just proposed this yourself, but before executing the IDE?

? I proposed to use a small wrapper program, which does an Exec() after setting
the proper TTY properties. Not set up a communication channel with a setuid root
program. The solution is worse than the problem then...

Michael.
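
The drop-then-exec part of the small wrapper described above, as an added example that is not part of the original message or of Free Pascal's code. The target path and the environment values are assumptions, and the privileged TTY step is left as a comment because the thread does not specify it.

```c
#define _DEFAULT_SOURCE            /* for setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical install path of the program to start; not from the thread. */
#define TARGET "/usr/local/bin/ide"

/* Permanently become uid/gid. Returns 0 on success, -1 on any failure. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Clear root's supplementary groups; only root is allowed to. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    /* Group before user: once the uid is dropped the gid cannot change.
       Called with euid 0, these set the real, effective and saved ids. */
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    /* A saved uid of 0 would let this succeed, so it must fail. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    if (argc < 1) return 111;      /* no argv[0] slot to overwrite */
    /* In a setuid binary the real ids are still the invoking user's. */
    uid_t uid = getuid();
    gid_t gid = getgid();

    /* The privileged TTY setup would go here, before the drop. The thread
       does not say which calls it needs, so none are shown. */
    if (drop_privileges(uid, gid) != 0) {
        fputs("wrapper: cannot drop privileges\n", stderr);
        return 111;
    }
    /* Fixed absolute target and a constructed minimal environment, so the
       caller's PATH and LD_* variables are not inherited. */
    char *const envp[] = { "PATH=/usr/bin:/bin", "TERM=linux", NULL };
    argv[0] = TARGET;
    execve(TARGET, argv, envp);
    perror("wrapper: execve");
    return 111;
}
```

Because the process image is replaced by `execve()` after the drop, no privileged code remains running once the target program starts.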

