Dmitry Torokhov wrote:
> On 7/18/06, Anssi Hannula <[email protected]> wrote:
>
>> Dmitry Torokhov wrote:
>> > Hi Anssi,
>> >
>> > On 7/18/06, Anssi Hannula <[email protected]> wrote:
>> >
>> >> Currently most distributions have /dev/input/event* strictly as 0600
>> >> root:root or 0640 root:root. The user logged in will not have
>> rights to
>> >> the device, unlike /dev/input/js*, as he could read all passwords from
>> >> the keyboard device.
>> >>
>> >> This is a problem, because /dev/input/event* is used for force
>> feedback
>> >> and should therefore be user-accessible.
>> >>
>> >> I can think of the following solutions to this problem:
>> >>
>> >> 1. Some creative udev rule to chmod /dev/input/event* less strictly
>> when
>> >> it has a /dev/input/js* and is thus a gaming device.
>> >>
>> >> 2. Some creative udev rule to chmod /dev/input/event* more strictly
>> when
>> >> it is a keyboard.
>> >>
>> >> 3. Have another force feedback interface also in /dev/input/js*.
>> >>
>> >
>> > You can do it in udev looking either at MODALIAS or at EV and ABS
>> > environment variables. I think it is pretty safe to say that a device
>> > with EV_ABS, EV_FF, ABS_X and ABS_Y is a force-feedback joystick-type
>> > device and not a keyboard.
>>
>> Okay, thanks. But I think it'd be more consistant if all devices that
>> have js* entries would have the relaxed perms in event*. Looking at
>> joydev.c, that seems to be devices where EV_ABS && (ABS_X || ABS_WHEEL
>> || ABS_THROTTLE) && !(EV_KEY && BTN_TOUCH).
>>
>
> OK, you can do that too.
>
>> There's another problem, too:
>> Some distros (Fedora, Mandriva...) don't use groups with /dev/input/jsX,
>> they use pam_console to chmod the device to the console owner.
>> Unfortunately, it allows to specify the permissions based on device file
>> names only.
>>
>> To solve this problem, I see two solutions:
>>
>> 1. Have the pam_console_apply program extended so that it can perform
>> more complex matches (but what kind of matches would those be?).
>>
>> 2. Have udev create symlinks like the following case:
>> /dev/input/event3
>> /dev/input/js0
>> /dev/input/jsevent0 => event3
>> Then pam_console_apply could match jsevent[0-9]* and it would follow the
>> symlink, thus chowning event3 to the wanted user.
>>
>> Unfortunately neither look too good to me. Do you have any other ideas?
>>
>
> I think this is really up to particular destribution to decide how
> they want to handle security/granting access. One could even imagine
> writing SELinux policies...
Yes, it is. I just asked if you had any better idea or if you were
strongly opposed to the solutions I proposed, as I want to make a
working solution for my distribution (Mandriva).
>> > Another solution would be to relax permissions if user is also console
>> > owner (home box installation).
>>
>> I thought of that too, but I thought it's too big a security risk, as
>> it's not guaranteed that somebody else won't temporarily login on
>> another terminal.
>>
> That is what you are doing with pam_console_apply, don't you?
>
Yes, but afaics there are currently no device privileges given to the
console user which would compromise password security. Providing eventX
would do that.
--
Anssi Hannula
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]