Re: [fpc-devel] Linux kernel behaviour change regarding keyboard
On 17 Jul 2007, at 23:20, Marco van de Voort wrote: The result is that the keyboard unit is no longer able to catch keys like escape, shift+tab alt+F1..F12 etc. on the Linux console. This affects the Free Pascal IDE and any other program using the keyboard unit. Install the IDE setuid. That would be an extremely bad idea with the current stability record of the IDE. Jonas ___ fpc-devel maillist - fpc-devel@lists.freepascal.org http://lists.freepascal.org/mailman/listinfo/fpc-devel
Re: [fpc-devel] Linux kernel behaviour change regarding keyboard
On 18 Jul 2007, at 14:08, Jonas Maebe wrote: Install the IDE setuid. That would be an extremely bad idea with the current stability record of the IDE. Not to mention that it allows you to open and overwrite any arbitrary file. Jonas ___ fpc-devel maillist - fpc-devel@lists.freepascal.org http://lists.freepascal.org/mailman/listinfo/fpc-devel
Re: [fpc-devel] Linux kernel behaviour change regarding keyboard
Jonas Maebe wrote: On 18 Jul 2007, at 14:08, Jonas Maebe wrote: Install the IDE setuid. That would be an extremely bad idea with the current stability record of the IDE. Not to mention that it allows you to open and overwrite any arbitrary file. Looking at that kernel patch, I see that it requires not uid=0, but rather certain caller's capability present. I don't have deep knowledge of the subject, but 'capability' sounds like 'privilege' (in Windows terms) for me. If it is so, then probably there is a way to solve the problem by assigning the required capability to IDE user(s) or process. Sergei ___ fpc-devel maillist - fpc-devel@lists.freepascal.org http://lists.freepascal.org/mailman/listinfo/fpc-devel
Re: [fpc-devel] Linux kernel behaviour change regarding keyboard
On 18 Jul 2007, at 14:08, Jonas Maebe wrote: Install the IDE setuid. That would be an extremely bad idea with the current stability record of the IDE. Not to mention that it allows you to open and overwrite any arbitrary file. Yes. Just like we all have for decades. And no, it is not ideal, but apparantly that is what the kernel devels want as the only way to access the full terminal capability. ___ fpc-devel maillist - fpc-devel@lists.freepascal.org http://lists.freepascal.org/mailman/listinfo/fpc-devel
Re: [fpc-devel] Linux kernel behaviour change regarding keyboard
On Wed, 18 Jul 2007, Marco van de Voort wrote: On 18 Jul 2007, at 14:08, Jonas Maebe wrote: Install the IDE setuid. That would be an extremely bad idea with the current stability record of the IDE. Not to mention that it allows you to open and overwrite any arbitrary file. Yes. Just like we all have for decades. And no, it is not ideal, but apparantly that is what the kernel devels want as the only way to access the full terminal capability. You cannot distribute a tool which creates a security hole as large as from here till Tokio. That would not look good the day it is discovered, and arguments like the kernel forcing us to do so will not help us then. It just means you'll have less functionality. How does midnight commander solve it? As far as I know, it also has strange keyboard combinations ? Michael. ___ fpc-devel maillist - fpc-devel@lists.freepascal.org http://lists.freepascal.org/mailman/listinfo/fpc-devel
Re: [fpc-devel] Linux kernel behaviour change regarding keyboard
On 18 Jul 2007, at 17:42, Marco van de Voort wrote: On Wed, 18 Jul 2007, Marco van de Voort wrote: On 18 Jul 2007, at 14:08, Jonas Maebe wrote: Install the IDE setuid. That would be an extremely bad idea with the current stability record of the IDE. Not to mention that it allows you to open and overwrite any arbitrary file. Yes. Just like we all have for decades. No, we haven't. And no, it is not ideal, but apparantly that is what the kernel devels want as the only way to access the full terminal capability. You cannot distribute a tool which creates a security hole as large as from here till Tokio. That would not look good the day it is discovered, and arguments like the kernel forcing us to do so will not help us then. What is the security hole exactly? If you install the IDE as setuid root, then every user starting the IDE will run the IDE as if he were root. That means he can open and modify every single file on the system. And overwrite any binary with an own written program by just configuring the proper exe output directory in the IDE. And by using the shell functionality of the IDE, he can also open a root shell if that's more comfortable for him than using the IDE itself. Jonas ___ fpc-devel maillist - fpc-devel@lists.freepascal.org http://lists.freepascal.org/mailman/listinfo/fpc-devel
Re: [fpc-devel] Linux kernel behaviour change regarding keyboard
Michael Van Canneyt wrote: On Wed, 18 Jul 2007, Marco van de Voort wrote: On 18 Jul 2007, at 14:08, Jonas Maebe wrote: Install the IDE setuid. That would be an extremely bad idea with the current stability record of the IDE. Not to mention that it allows you to open and overwrite any arbitrary file. Yes. Just like we all have for decades. And no, it is not ideal, but apparantly that is what the kernel devels want as the only way to access the full terminal capability. You cannot distribute a tool which creates a security hole as large as from here till Tokio. That would not look good the day it is discovered, and arguments like the kernel forcing us to do so will not help us then. It just means you'll have less functionality. How does midnight commander solve it? As far as I know, it also has strange keyboard combinations ? Yes, exactly. And as far as I know, this is one of the most common complaints from people used to other NC-like managers running on other systems (compare this to users used to TP/BP IDE). That's actually a very good example. ;-) Tomas ___ fpc-devel maillist - fpc-devel@lists.freepascal.org http://lists.freepascal.org/mailman/listinfo/fpc-devel
Re: [fpc-devel] Linux kernel behaviour change regarding keyboard
On 18 Jul 2007, at 18:01, Ales( Katona [EMAIL PROTECTED] Ales wrote: While I agree that it could cause some PR trouble, I don't see how this is our problem. It's not like anyone blames the software makers for windows security issues... This has nothing at all to do with pr trouble, but with not installing a local rootkit with every FPC install. I'm just speechless, I really can't believe what I'm reading here... Jonas ___ fpc-devel maillist - fpc-devel@lists.freepascal.org http://lists.freepascal.org/mailman/listinfo/fpc-devel
Re: [fpc-devel] Linux kernel behaviour change regarding keyboard
And to add to my last setuid stuff.. I think that if we properly audit the IDE code so that: a) fpc is called in the uid of the original ide starter b) the console is run in the uid of the original ide starter c) compiler programs are called in the uid of the original IDE starter I think it's ok to use setuid after these. Ofcourse, depending on how the IDE executes all the externals, it might be a trouble. But if we do some typical fork, it shouldn't be so difficult (I'm willing to do this should we decide to go this route). Ales ___ fpc-devel maillist - fpc-devel@lists.freepascal.org http://lists.freepascal.org/mailman/listinfo/fpc-devel
Re: [fpc-devel] Linux kernel behaviour change regarding keyboard
Michael Van Canneyt wrote: On Wed, 18 Jul 2007, Marco van de Voort wrote: On 18 Jul 2007, at 14:08, Jonas Maebe wrote: Install the IDE setuid. That would be an extremely bad idea with the current stability record of the IDE. Not to mention that it allows you to open and overwrite any arbitrary file. Yes. Just like we all have for decades. And no, it is not ideal, but apparantly that is what the kernel devels want as the only way to access the full terminal capability. You cannot distribute a tool which creates a security hole as large as from here till Tokio. That would not look good the day it is discovered, and arguments like the kernel forcing us to do so will not help us then. It just means you'll have less functionality. How does midnight commander solve it? As far as I know, it also has strange keyboard combinations ? Sorry for joining the discussion so late, but what special key combos are we talking about? And what changed in the kernel? I agree that it does sound absurd to require root privs - and of course it goes without saying that the IDE _cannot_ under any circumstance be distributed to run as +s, it just cannnot happen, period. These privileges that we are talking about, are they transferrable between processes? In that case, we could write a small setuid wrapper to setup the terminal, then exec the IDE without privs. Under any circumstance, if there really isn't any New And Improved way to do this sans root, we should bring it up on the kernel mailing list. I can do that, if need be - I'm always quite interested in security matters. -- Regards, Christian Iversen ___ fpc-devel maillist - fpc-devel@lists.freepascal.org http://lists.freepascal.org/mailman/listinfo/fpc-devel
Re: [fpc-devel] Linux kernel behaviour change regarding keyboard
Ales wrote: And to add to my last setuid stuff.. I think that if we properly audit the IDE code so that: a) fpc is called in the uid of the original ide starter b) the console is run in the uid of the original ide starter c) compiler programs are called in the uid of the original IDE starter I think it's ok to use setuid after these. Ofcourse, depending on how the IDE executes all the externals, it might be a trouble. But if we do some typical fork, it shouldn't be so difficult (I'm willing to do this should we decide to go this route). There is absolutely no clean way to use setuid in a program the size of the IDE. Trust me. It is vaguely possible that a very small (think less than 100 LOC) wrapper could be generated, which will simply set certain configuration parameters of the PTY that the IDE is attached to. I imagine that this would work. This could be distributed, and called from the IDE after startup. The entire IDE would then be run completely as normal, by the user. Even with such a small wrapper, one would have to put a big fat warning in the README file and similar places. In the Debian package, debconf should ask the user if s/he is ok with installing a suid program. If this is not feasible, then the IDE will have to be redistributed with reduced functionality. You just cannot compromise when it comes to security matters. Ever. -- Regards, Christian Iversen ___ fpc-devel maillist - fpc-devel@lists.freepascal.org http://lists.freepascal.org/mailman/listinfo/fpc-devel
Re: [fpc-devel] Linux kernel behaviour change regarding keyboard
Op Wed, 18 Jul 2007, schreef Sergei Gorelkin: Jonas Maebe wrote: On 18 Jul 2007, at 14:08, Jonas Maebe wrote: Install the IDE setuid. That would be an extremely bad idea with the current stability record of the IDE. Not to mention that it allows you to open and overwrite any arbitrary file. Looking at that kernel patch, I see that it requires not uid=0, but rather certain caller's capability present. I don't have deep knowledge of the subject, but 'capability' sounds like 'privilege' (in Windows terms) for me. If it is so, then probably there is a way to solve the problem by assigning the required capability to IDE user(s) or process. Yes, you need a certain capability, but in practise this means you must be root. This is because: * You can only drop a capability, not get a capability as a process. * Root has all capabilities, users don't have any capabilities. However, there is the SETPCAP capability, where a process can set the capabilities of another process. So, a setuid helper program cuild assign the needed capability if certain conditions are met. Unfortunately due to a security hole SETPCAP has been revoked from even root. Without kernel modification this possible solution is unfortunately sabotaged. Daniël___ fpc-devel maillist - fpc-devel@lists.freepascal.org http://lists.freepascal.org/mailman/listinfo/fpc-devel
Re: [fpc-devel] Linux kernel behaviour change regarding keyboard
Op Wed, 18 Jul 2007, schreef Michael Van Canneyt: The scary thing is the setuid root. The communication channel can be standard i/o and there is nothing scary about that. There is: a user using the keyboard unit should then distribute the (setuid) program too, and that is not acceptable. (not for me as an FPC developer, and most likely also not fot the user) So if you want to go through with this, develop a separate keyboard driver for linux console that can catch all keys. But not the standard driver. Yes, but again no difference from a wrapper that launches the program. I fully agree that it would suck to have to distribute such a wrapper or helper and that it would need to be optional. I understand. But spawning an external setuid process and talking to that just to get a text mode thing working in some weird cases is not one, but two bridges too far for me... I mean, seriously, how many people develop on the Linux console ? You can't even open a browser then ! I expect most people do their work in an X-Term if they use the fp ide... Many people indeed use X. But on the Linux console, thanks to fbdev, you can get a really comfortable text mode (i.e. 1024x768 with a high res 8x16 font is still a 128x48 text mode). This makes make you can see large amounts of source at the same time, combined with a speed and responsiveness of a text mode UI. Compared to xterm, you get the VGA character set instead of the limited VT100 character set and the keyboard works better (for example shift+tab is impossible in xterm). Therefore, console is popular as well. By the way, I have started to talk to Andrew Morton and his reply was constructive. Perhaps a proper solution is possible after all. Great, that is the way to go !! Please, keep us updated on any progress you make on this :-) Sure! Daniël___ fpc-devel maillist - fpc-devel@lists.freepascal.org http://lists.freepascal.org/mailman/listinfo/fpc-devel
Re: [fpc-devel] Linux kernel behaviour change regarding keyboard
Op Wed, 18 Jul 2007, schreef Michael Van Canneyt: Under the assumption a setuid root program is the only possible option: The safest - and in my opinion only correct - way is to write a small setuid root program which sets the proper TTY stuff, and then executes the IDE as the normal user. The program can easily be audited, as it'll be maybe 50 lines of code... If the user switches VT, the keyboard needs to be unpatched. So this approach won't fully work. However, a solution that can work is to make the keyboard unit execute a setuid root helper to which it communicates through a pipe. This would introduce quite some linux specific code on a lot of already complicated points to the IDE. ___ fpc-devel maillist - fpc-devel@lists.freepascal.org http://lists.freepascal.org/mailman/listinfo/fpc-devel
Re: [fpc-devel] Linux kernel behaviour change regarding keyboard
Daniël Mantione wrote: Apparently someone suddenly got a good idea that you need to be root to [snip] The result is that the keyboard unit is no longer able to catch keys like escape, shift+tab alt+F1..F12 etc. on the Linux console. This affects the Perhaps the programming can be reverted when the process that reprogrammed it, exits ? Micha ___ fpc-devel maillist - fpc-devel@lists.freepascal.org http://lists.freepascal.org/mailman/listinfo/fpc-devel
Re: [fpc-devel] Linux kernel behaviour change regarding keyboard
Op Fri, 13 Jul 2007, schreef Ales( Katona: I think that together with the debian gpm crap it's safe to flag linux as a non-target for the IDE and be done with it. It's IMHO not worth anyone's nerves to try and hit this moving tty/console target anymore... Well, I need the IDE for compiler development, so it has to work for at least me. Daniël___ fpc-devel maillist - fpc-devel@lists.freepascal.org http://lists.freepascal.org/mailman/listinfo/fpc-devel
Re: [fpc-devel] Linux kernel behaviour change regarding keyboard
I think that together with the debian gpm crap it's safe to flag linux as a non-target for the IDE and be done with it. It's IMHO not worth anyone's nerves to try and hit this moving tty/console target anymore... Ales ___ fpc-devel maillist - fpc-devel@lists.freepascal.org http://lists.freepascal.org/mailman/listinfo/fpc-devel
[fpc-devel] Linux kernel behaviour change regarding keyboard
Hello, Apparently someone suddenly got a good idea that you need to be root to reprogram the keyboard, and got a patch merged into the Linux kernel: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=0b360adbdb54d5b98b78d57ba0916bc4b8871968 The result is that the keyboard unit is no longer able to catch keys like escape, shift+tab alt+F1..F12 etc. on the Linux console. This affects the Free Pascal IDE and any other program using the keyboard unit. Daniël___ fpc-devel maillist - fpc-devel@lists.freepascal.org http://lists.freepascal.org/mailman/listinfo/fpc-devel