Bernd Juraschek wrote:
>> I don't know much about Linux capabilities, but my feeling is that they
>> are meant for things not represented by devices (which use the simpler
>> file-permissions model).
> On my system /dev/console has r/w access for anyone but this is not
> sufficient.

Damn. So much for file-permissions in /dev. :-(

> I took a look into the kernel sources and there are two ways
> to get the right to modify terminals with ioctl():
> - the modified terminal is the controlling terminal for the process or

This is reflected by vdr's --terminal option. Are you sure that you
must ioctl /dev/CONSOLE, or is any other tty sufficient? Must it be a
foreground tty, or can it be a virtual screen not currently active, or a
pseudo tty (of screen, sshd, KDE-konsole)? In case all that works,
I suggest adding a note to your documentation that the user MUST specify
the --terminal option of vdr and use stdin/stdout/stderr as
file-descriptors for the ioctl.

> - the user has the capability to modify terminal settings

The plugins are loaded long AFTER dropping root rights, so I guess there
is no safe way for a plugin to request additional
permissions/capabilities. Maybe you can ask Klaus to also keep the
terminal setting caps, or provide a small patch which allows the user to
do so when compiling vdr (or both ;-) ).

So long,
Patrick Cernko | mailto:[EMAIL PROTECTED] |

"Whoever posts HTML, or quotes posted HTML, or procures posted or
quoted HTML in order to put it into circulation, will be plonked."
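
The two conditions discussed in this thread can be checked from user space before a plugin attempts a terminal ioctl. The following is an added example, not code from the thread, from vdr or from the plugin: it reports whether stdin/stdout/stderr refer to the process's controlling terminal and whether a terminal-configuration capability is in the effective set. It assumes Linux with /proc mounted and assumes the capability meant is CAP_SYS_TTY_CONFIG (bit 26), which the thread does not name.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/sysmacros.h>

/* Assumption: the "terminal setting" capability is CAP_SYS_TTY_CONFIG (26). */
#define TTY_CONFIG_BIT 26

/* tty_nr (7th field) of a /proc/<pid>/stat line; 0 = no controlling tty, -1 = parse error. */
static int stat_tty_nr(const char *line) {
    const char *p = strrchr(line, ')'); /* comm may itself contain spaces or ')' */
    char state; int ppid, pgrp, sid, tty_nr;
    if (!p || sscanf(p + 1, " %c %d %d %d %d", &state, &ppid, &pgrp, &sid, &tty_nr) != 5) return -1;
    return tty_nr;
}

/* 1 if the CapEff mask in /proc/<pid>/status text has `bit` set, 0 if not, -1 if absent. */
static int status_has_cap(const char *status, int bit) {
    const char *p = strstr(status, "CapEff:");
    unsigned long long mask;
    if (!p || sscanf(p + 7, "%llx", &mask) != 1) return -1;
    return (int)((mask >> bit) & 1);
}

/* 1 if fd is a character device with the same device number as the controlling tty.
 * tty_nr encoding per proc(5): major in bits 15..8, minor in bits 31..20 and 7..0. */
static int fd_is_ctty(int fd, int tty_nr) {
    struct stat st;
    unsigned t = (unsigned)tty_nr;
    if (tty_nr <= 0 || fstat(fd, &st) != 0 || !S_ISCHR(st.st_mode)) return 0;
    return major(st.st_rdev) == ((t >> 8) & 0xff) &&
           minor(st.st_rdev) == ((t & 0xff) | ((t >> 12) & 0xfff00));
}

static void slurp(const char *path, char *buf, size_t n) { /* read a small file as text */
    FILE *f = fopen(path, "r");
    size_t got = f ? fread(buf, 1, n - 1, f) : 0;
    buf[got] = '\0';
    if (f) fclose(f);
}

int main(void) {
    char st[1024], status[4096];
    slurp("/proc/self/stat", st, sizeof st);
    slurp("/proc/self/status", status, sizeof status);
    int tty_nr = stat_tty_nr(st);
    for (int fd = 0; fd <= 2; fd++)
        printf("fd %d is controlling tty: %d\n", fd, fd_is_ctty(fd, tty_nr));
    printf("CAP_SYS_TTY_CONFIG effective: %d\n", status_has_cap(status, TTY_CONFIG_BIT));
}
```

Run from the same context in which the daemon runs (after it has dropped root), this shows which of the two conditions, if either, is available to code loaded later.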

vdr mailing list