[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: changing framebuffer device owner during login



Previously Jochen Voss wrote:
> Which one is the security problem?  The pam_console module,
> or changing the owner of /dev/fb0? 

The pam_console module, as well as the idea of changing ownership
or permissions on a device when a user logs in. The problem is that
any user could do this:

* log in
* login procedure changes ownership on /dev/XXX so user can use it
* user starts a program that opens /dev/XXX
* user logs out but keeps program running
* other users logs in
* login procedure changes ownership on /dev/XXX again
* program from first user is still running with full access to /dev/XXX

> And what is the revoke system call supposed to do?

revoke will close all filehandles from all processes associated with a
device (permissions granting). This would fix the above problem:
at logout you could do revoke("/dev/XXX") which would fix this problem.
 
> Where can I learn about this?

File a bugreport on base-passwd to include a commented list of
users and groups (I've been meaning to write that anyway).

> So my problem remains: how can I setup my system to
> use the framebuffer console device as an ordinary user?
> Is this possible at all?

No really safe way unfortunately. The current best way is to use
a group and put users in that group, that also makes it explicit
that you can't give temporary access (ie while logged in at the
console) to a user.

Wichert.

-- 
  _________________________________________________________________
 /       Nothing is fool-proof to a sufficiently talented fool     \
| wichert@wiggy.net                   http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0  2805 3CB8 9250 2FA3 BC2D |



Reply to: