Public bug reported:

Given that, from the outside, LCDd is just a proxy translating TCP traffic to traffic on a /dev node, it being completely unconstrained by systemd's permissions controls on Ubuntu Linux 24.04.4 LTS is all risk, no reward.

I've opened a feature request upstream for them to provide at least a suggested service file (https://github.com/lcdproc/lcdproc/issues/227) but, given that there's a 9-year gap between the latest release (2017) and the development HEAD (2 days ago), I thought it best to also ask the maintainer for the package I'm applying overrides to.

To start discussion, I'm attaching my `/etc/systemd/system/lcdproc.service.d/override.conf`, categorized by what should Just Work™ for everyone, what should Just Work™ with the default configuration that binds to `127.0.0.1`, and what should Just Work™ for anyone using a Serial or USB-Serial LCD.

(Aside from a Logitech G15 with a broken key that I don't have with me at the moment, I don't have any parallel, USB-HID, or other non-Serial/USBSerial LCDs to test with to determine what beyond `Group=dialout` would be needed, but it should just be a matter of adding an appropriate `/etc/udev/rules.d/*.rules` file as has become a commonplace requirement for niche hardware.)

It takes the exposure score from `9.6 UNSAFE 😨` to `1.2 OK 🙂` with the main big things remaining being the lack of a /dev ACL (I haven't read up on how to log which devices it's accessing) and the not-yet-taken opportunity to add systemd services for `lcdproc` and `lcdexec` so that `PrivateNetwork=yes` and `JoinsNamespaceOf=` become an option.

** Affects: lcdproc (Ubuntu)
     Importance: Undecided
         Status: New

** Attachment added: "/etc/systemd/system/lcdproc.service.d/override.conf"
   https://bugs.launchpad.net/bugs/2159559/+attachment/5980081/+files/override.conf

https://bugs.launchpad.net/bugs/2159559

Title:
  systemd unit is far too lenient
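As an added illustration of the three-way split described in the report (this is not the attached override.conf, whose contents are not reproduced here, and it has not been tested against LCDd): a drop-in sketch built from standard systemd directives. Which directive belongs in which category is an assumption.

```ini
# /etc/systemd/system/lcdproc.service.d/override.conf
# Constructed sketch, NOT the reporter's attachment. Untested against LCDd.

[Service]
# --- Assumed safe for everyone: a TCP-to-/dev proxy needs no privilege
# --- escalation, no writable system paths and no kernel tuning.
NoNewPrivileges=yes
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectKernelLogs=yes
ProtectControlGroups=yes
ProtectHostname=yes
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
LockPersonality=yes
SystemCallArchitectures=native

# --- Assumed safe only with the default configuration (bind to 127.0.0.1).
# --- Widen these if LCDd is configured to listen on another address.
RestrictAddressFamilies=AF_INET AF_UNIX
IPAddressDeny=any
IPAddressAllow=localhost

# --- Assumed safe only for Serial / USB-Serial displays.
# --- Group=dialout is the setting named in the report; other bus types
# --- would need their own udev rule and group.
Group=dialout

# Deliberately absent:
#   PrivateDevices=yes  hides the serial device nodes LCDd has to open.
#   ProtectClock=yes    implies DeviceAllow=char-rtc r, which turns the
#                       unit's device policy into an allow-list and blocks
#                       the serial node unless matching DeviceAllow= lines
#                       are added as well.
#   PrivateNetwork=yes  per the report, only an option once lcdproc and
#                       lcdexec have units that can use JoinsNamespaceOf=.
```

After `systemctl daemon-reload` and a service restart, `systemd-analyze security lcdproc.service` reports the per-directive exposure breakdown behind scores like the ones quoted in the report.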
