> On Sep 3, 2017, at 7:49 PM, Dave Mielke <d...@mielke.cc> wrote: > > [quoted lines by rmgls on 2017/09/03 at 18:03 +0200] > >> I changed the permissions at compile time of the screen executable that I >> sent. Screen.c > > That isn't necessary. If you start with pure screen source and apply our > patch, > it will work. If it doesn't then something else is wrong. > > Tehre's another issue, too. Users have an implicit trust when getting source > from official sources. I wouldn't dare run any executable that's been > modified > by anyone who doesn't have a well established reputation. They're either > running this stuff as themselves or as root, and they simply, and rightly, > don't want to take any chances. > Yes for this point, it would be a security hole. I must thinked that.
>> shmid = shmget( key, size, IPC_CREAT | S_IRWXU | 660); > Sorry it was a typo. I am a braillait and my focus was not here! As I said. The synthesis is fine sometimes for me but not always. > This modified line actually is a case in point. S_IRWXU is a constant that > has > the octal value 0700, i.e. user-only permissions. That's correct. Adding more > bits makes the user's screen viewable by others, which is exactly what he > doesn't want. > > Now let's look at the 660 that's being ored to the correct value. While 660 > may > be correct chmod syntax, that's only because chmod is expecting an octal > value. > In C, 660 is being interpreted as a decimal number. 660 decimal works out to > being 1224 octal. That's clearly a bad value for the permissions of a shared > memory segment. Even if 660 were interpreted as octal, it'd be adding group > permissions and that's not what a user would want anyway. > > So please go back to pure screen source with just our patch applied. I'm > going > to guess regarding what the problem may be. > > Screen needs to be started first (at least for the first time) to ensure that > the shared memory segment is created before brltty tries to find it. Then > brltty must be started, and it must be started by the very same user who > started screen. This is nencessary for at least three reasons. First, that's > the only way for user-only permissions to allow access. Second, it's the only > way for both programs to be implicitly looking for the same shared memory > segment. Third, shared memory segments are private by default which means > that, > without a bit of extra work, another user wouldn't be able to find it. > I must admit these 3 points. You are right. In all cases, thanks for this clear and detailed explaination. Raoul > -- > Dave Mielke | 2213 Fox Crescent | http://Mielke.cc/ > Phone: 1-613-726-0014 | Ottawa, Ontario | http://Mielke.cc/bible/ > EMail: d...@mielke.cc | Canada K2A 1H7 | The Bible is the very Word of God. > _______________________________________________ > This message was sent via the BRLTTY mailing list. > To post a message, send an e-mail to: BRLTTY@brltty.com > For general information, go to: http://brltty.com/mailman/listinfo/brltty _______________________________________________ This message was sent via the BRLTTY mailing list. To post a message, send an e-mail to: BRLTTY@brltty.com For general information, go to: http://brltty.com/mailman/listinfo/brltty