[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <d120d5000707190817t62013ddcg966bd4e8c0ec116f@mail.gmail.com>
Date: Thu, 19 Jul 2007 11:17:50 -0400
From: "Dmitry Torokhov" <dmitry.torokhov@...il.com>
To: "Daniel Mantione" <daniel.mantione@...epascal.org>
Cc: linux-kernel@...r.kernel.org,
"Andrew Morton" <akpm@...ux-foundation.org>
Subject: Re: Keyboard programming needs root
Hi Daniel,
On 7/14/07, Daniel Mantione <daniel.mantione@...epascal.org> wrote:
> Hello,
>
> A while back a patch was merged to make that only root can program the
> keyboard:
>
> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0b360adbdb54d5b98b78d57ba0916bc4b8871968
>
> Is this patch discussable? I think this patch isn't proper because of the
> following reasons:
>
> * Users can play games in many ways. They can configure the terminal
> settings, (remove the automatic line feed, disable the echo etc). They can
> load console fonts. They can still put the keyboard in raw mode, etc.
Keyboard raw mode or disabling line echo may be annoying but you
really don't want someone leaving box after binding "rm -rf /" to a
backspace key...
> * All of these games can be prevented by making mingetty (or whatever getty
> is used) or PAM can put the console into a known state after logout.
> * All of these games are annoyances, system security is not compromised.
> * I do not see a problem with for example a French user doing a "loadkeys
> fr" if that allows hims to use the computer easier.
>
> Worst issue for me though, is that KDSBENT is needed to be able to catch
> keys like shift+tab, alt+fx, escape without delay. My application suddenly
> needs root permissions to work properly.
Yes, if your application mucks with the console it has to be trusted...
> The alternative, semi raw mode,
> has the disadvantage that you need to implement your own keymaps (like X).
> In short, this change breaks applications.
>
You may also try reading data directly from evdev devices... They are
normally privileged as well but usually user logged on console is
given access to them.
--
Dmitry
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists