lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <d120d5000607180714s2810d013t8e22544b52da6bf1@mail.gmail.com>
Date:	Tue, 18 Jul 2006 10:14:48 -0400
From:	"Dmitry Torokhov" <dmitry.torokhov@...il.com>
To:	"Anssi Hannula" <anssi.hannula@...il.com>
Cc:	linux-input@...ey.karlin.mff.cuni.cz, linux-kernel@...r.kernel.org
Subject: Re: input/eventX permissions, force feedback

On 7/18/06, Anssi Hannula <anssi.hannula@...il.com> wrote:
> Dmitry Torokhov wrote:
> > Hi Anssi,
> >
> > On 7/18/06, Anssi Hannula <anssi.hannula@...il.com> wrote:
> >
> >> Currently most distributions have /dev/input/event* strictly as 0600
> >> root:root or 0640 root:root. The user logged in will not have rights to
> >> the device, unlike /dev/input/js*, as he could read all passwords from
> >> the keyboard device.
> >>
> >> This is a problem, because /dev/input/event* is used for force feedback
> >> and should therefore be user-accessible.
> >>
> >> I can think of the following solutions to this problem:
> >>
> >> 1. Some creative udev rule to chmod /dev/input/event* less strictly when
> >> it has a /dev/input/js* and is thus a gaming device.
> >>
> >> 2. Some creative udev rule to chmod /dev/input/event* more strictly when
> >> it is a keyboard.
> >>
> >> 3. Have another force feedback interface also in /dev/input/js*.
> >>
> >
> > You can do it in udev looking either at MODALIAS or at EV and ABS
> > environment variables. I think it is pretty safe to say that a device
> > with EV_ABS, EV_FF, ABS_X and ABS_Y is a force-feedback joystick-type
> > device and not a keyboard.
>
> Okay, thanks. But I think it'd be more consistant if all devices that
> have js* entries would have the relaxed perms in event*. Looking at
> joydev.c, that seems to be devices where EV_ABS && (ABS_X || ABS_WHEEL
> || ABS_THROTTLE) && !(EV_KEY && BTN_TOUCH).
>

OK, you can do that too.

> There's another problem, too:
> Some distros (Fedora, Mandriva...) don't use groups with /dev/input/jsX,
> they use pam_console to chmod the device to the console owner.
> Unfortunately, it allows to specify the permissions based on device file
> names only.
>
> To solve this problem, I see two solutions:
>
> 1. Have the pam_console_apply program extended so that it can perform
> more complex matches (but what kind of matches would those be?).
>
> 2. Have udev create symlinks like the following case:
> /dev/input/event3
> /dev/input/js0
> /dev/input/jsevent0 => event3
> Then pam_console_apply could match jsevent[0-9]* and it would follow the
> symlink, thus chowning event3 to the wanted user.
>
> Unfortunately neither look too good to me. Do you have any other ideas?
>

I think this is really up to particular destribution to decide how
they want to handle security/granting access. One could even imagine
writing SELinux policies...

> > Another solution would be to relax permissions if user is also console
> > owner (home box installation).
>
> I thought of that too, but I thought it's too big a security risk, as
> it's not guaranteed that somebody else won't temporarily login on
> another terminal.
>

That is what you are doing with pam_console_apply, don't you?

-- 
Dmitry
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ