Re: Breakage from patch: Only root should be able to set the N_MOUSE line discipline.
On Tue, Mar 01, 2005 at 08:17:47AM -0800, Linus Torvalds wrote: > On Tue, 1 Mar 2005, Vojtech Pavlik wrote: > > > > A nonprivileged user could inject mouse movement and/or keystrokes > > (using the sunkbd driver) into the input subsystem, taking over the > > console/X, where another user is logged in. > > > > Simply using a slightly modified inputattach on a PTY will do the trick. > > Might an alternative be to just make writes to N_MOUSE require privileges? > > Ie "reading is ok, and changing to N_MOUSE is ok, but tryign to write a > mouse packet is not"? The check should be easy enough to add to the > ldisc.write thing? No, since you wouldn't write anything to the device, the writes would happen on the other end of the pty. -- Vojtech Pavlik SuSE Labs, SuSE CR - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Breakage from patch: Only root should be able to set the N_MOUSE line discipline.
On Tue, 1 Mar 2005, Vojtech Pavlik wrote: > > A nonprivileged user could inject mouse movement and/or keystrokes > (using the sunkbd driver) into the input subsystem, taking over the > console/X, where another user is logged in. > > Simply using a slightly modified inputattach on a PTY will do the trick. Might an alternative be to just make writes to N_MOUSE require privileges? Ie "reading is ok, and changing to N_MOUSE is ok, but tryign to write a mouse packet is not"? The check should be easy enough to add to the ldisc.write thing? Linus - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Breakage from patch: Only root should be able to set the N_MOUSE line discipline.
On Maw, 2005-03-01 at 11:47, Vojtech Pavlik wrote: > A nonprivileged user could inject mouse movement and/or keystrokes > (using the sunkbd driver) into the input subsystem, taking over the > console/X, where another user is logged in. Ouch. Ok that explains much. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Breakage from patch: Only root should be able to set the N_MOUSE line discipline.
On Sat, Feb 26, 2005 at 11:20:44AM +, Alan Cox wrote: > On Gwe, 2005-01-28 at 16:12, Linux Kernel Mailing List wrote: > > ChangeSet 1.1977.1.2, 2005/01/28 17:12:20+01:00, [EMAIL PROTECTED] > > > > input: Only root should be able to set the N_MOUSE line discipline. > > > > I finally had a chance to trace down why my mouse code for a little gui > library started working differently and causing problems. This broken > change breaks apps that use framebuffer in unpriviledged process form > and want to use the mouse support in kernel and forces them to become > setuid root or to revert to 2.4 style user space mouse drivers. If this > functonality is root only kernel space it might as well be entirely > deleted IMHO. > > I can see no reason for this change - the ldisc is supposed to be > configurable by non root users. It is reset on close/hangup in Linux so > a user cannot jam a port up. > > Can someone please justify this change. If not can it be reverted A nonprivileged user could inject mouse movement and/or keystrokes (using the sunkbd driver) into the input subsystem, taking over the console/X, where another user is logged in. Simply using a slightly modified inputattach on a PTY will do the trick. -- Vojtech Pavlik SuSE Labs, SuSE CR - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/