| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 1 Jun 2007 12:06:57 -0300 From: Henrique de Moraes Holschuh <hmh@....eng.br> To: Dmitry Torokhov <dmitry.torokhov@...il.com> Cc: Matthew Garrett <mjg59@...f.ucam.org>, Richard Hughes <hughsient@...il.com>, linux-acpi@...r.kernel.org, linux-input@...ey.karlin.mff.cuni.cz, linux-kernel@...r.kernel.org Subject: Re: [PATCH] Input: document the proper usage of EV_KEY and KEY_UNKNOWN On Fri, 01 Jun 2007, Dmitry Torokhov wrote: > On 6/1/07, Matthew Garrett <mjg59@...f.ucam.org> wrote: > What I am trying to say - there already EVIOCSKEYCODE ioctl in the > kernel. And for force feedback devices to work you need to nable > writing to corresponding /dev/input/eventX thus opening possibility to > alter the keymap table. I guess you coudl analyze capabilities of a > device and only relax permissions for devices that have FF... Agreed. CAP_SYSADMIN or somesuch should be required for some of those IOCTLs, at least on keyboards. I don't see a problem with a digitizing tablet relaxing that to allow anyone, for example, so it makes sense to punt this test to the driver level (and not input layer level), or to make it configurable somehow from the driver level before registering the input device. > Anyway, I think that we don't want ordinary users to alter hardware > keymapping, it should indeed be priveleged operation done by box's > administrator. Hopefully the infrastructure (hal/udev/whatever) will > be able to load proper keymap at boot time so even that is not needed. > > Why I think using kernel remapping_in addition_ to X remapping is better: Agreed. > The biggest cons for KEY_UNKNOWN + scancode is that presently we do > not have the code to iteract with user. Actually, it is more like "we don't have it, and it is non-trivial to do it right", if I understood Matthew correctly. > >> > The standard setup in an office environment is likely to be > >> > multiuser. > >> > >> Huh? In my limited experience everyone in the office gets its own box. > >> And I am not talking about software shop. > > > >Standard is that everyone gets their own machine, but usually everyone > >has an account on all of them. > > Which is never used (except remotely)... Oh yes, it *is* used, and very much so. -- "One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot Henrique Holschuh - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists