| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 14 Jul 2007 08:32:32 +0200 From: Daniel Mantione <daniel.mantione@...epascal.org> To: linux-kernel@...r.kernel.org Subject: Keyboard programming needs root Hello, A while back a patch was merged to make that only root can program the keyboard: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0b360adbdb54d5b98b78d57ba0916bc4b8871968 Is this patch discussable? I think this patch isn't proper because of the following reasons: * Users can play games in many ways. They can configure the terminal settings, (remove the automatic line feed, disable the echo etc). They can load console fonts. They can still put the keyboard in raw mode, etc. * All of these games can be prevented by making mingetty (or whatever getty is used) or PAM can put the console into a known state after logout. * All of these games are annoyances, system security is not compromised. * I do not see a problem with for example a French user doing a "loadkeys fr" if that allows hims to use the computer easier. Worst issue for me though, is that KDSBENT is needed to be able to catch keys like shift+tab, alt+fx, escape without delay. My application suddenly needs root permissions to work properly. The alternative, semi raw mode, has the disadvantage that you need to implement your own keymaps (like X). In short, this change breaks applications. Daniƫl Mantione - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists