| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 19 Jul 2007 11:17:50 -0400 From: "Dmitry Torokhov" <dmitry.torokhov@...il.com> To: "Daniel Mantione" <daniel.mantione@...epascal.org> Cc: linux-kernel@...r.kernel.org, "Andrew Morton" <akpm@...ux-foundation.org> Subject: Re: Keyboard programming needs root Hi Daniel, On 7/14/07, Daniel Mantione <daniel.mantione@...epascal.org> wrote: > Hello, > > A while back a patch was merged to make that only root can program the > keyboard: > > http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0b360adbdb54d5b98b78d57ba0916bc4b8871968 > > Is this patch discussable? I think this patch isn't proper because of the > following reasons: > > * Users can play games in many ways. They can configure the terminal > settings, (remove the automatic line feed, disable the echo etc). They can > load console fonts. They can still put the keyboard in raw mode, etc. Keyboard raw mode or disabling line echo may be annoying but you really don't want someone leaving box after binding "rm -rf /" to a backspace key... > * All of these games can be prevented by making mingetty (or whatever getty > is used) or PAM can put the console into a known state after logout. > * All of these games are annoyances, system security is not compromised. > * I do not see a problem with for example a French user doing a "loadkeys > fr" if that allows hims to use the computer easier. > > Worst issue for me though, is that KDSBENT is needed to be able to catch > keys like shift+tab, alt+fx, escape without delay. My application suddenly > needs root permissions to work properly. Yes, if your application mucks with the console it has to be trusted... > The alternative, semi raw mode, > has the disadvantage that you need to implement your own keymaps (like X). > In short, this change breaks applications. > You may also try reading data directly from evdev devices... They are normally privileged as well but usually user logged on console is given access to them. -- Dmitry - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists