Re: changing framebuffer device owner during login
Previously Jochen Voss wrote:
> Which one is the security problem? The pam_console module,
> or changing the owner of /dev/fb0?
The pam_console module, as well as the idea of changing ownership
or permissions on a device when a user logs in. The problem is that
any user could do this:
* log in
* login procedure changes ownership on /dev/XXX so user can use it
* user starts a program that opens /dev/XXX
* user logs out but keeps program running
* other users logs in
* login procedure changes ownership on /dev/XXX again
* program from first user is still running with full access to /dev/XXX
> And what is the revoke system call supposed to do?
revoke will close all filehandles from all processes associated with a
device (permissions granting). This would fix the above problem:
at logout you could do revoke("/dev/XXX") which would fix this problem.
> Where can I learn about this?
File a bugreport on base-passwd to include a commented list of
users and groups (I've been meaning to write that anyway).
> So my problem remains: how can I setup my system to
> use the framebuffer console device as an ordinary user?
> Is this possible at all?
No really safe way unfortunately. The current best way is to use
a group and put users in that group, that also makes it explicit
that you can't give temporary access (ie while logged in at the
console) to a user.
/ Nothing is fool-proof to a sufficiently talented fool \
| firstname.lastname@example.org http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D |