RE: [linux-fbdev] fbdev 2.4.0 cleanups

• Next message: Billy Harvey: "invalid character message 2.3.99pre1"
• Previous message: Chris Wedgwood: "Re: fcntl(2) and other file systems like XFS"
• In reply to: Russell King: "Re: [linux-fbdev] fbdev 2.4.0 cleanups"
• Next in thread: James A Simmons: "Re: [linux-fbdev] fbdev 2.4.0 cleanups"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

        Surely you let anyone open a /dev/fb* but then deny anyone but that user
RE-opening it? This is a well-documented way of securing devices.

                Nicholas Vinen

-----Original Message-----
From: owner-linux-kernel@vger.rutgers.edu
[mailto:owner-linux-kernel@vger.rutgers.edu]On Behalf Of Russell King
Sent: Wednesday, March 15, 2000 11:53 AM
To: James A Simmons
Cc: Sven LUTHER; Petr Vandrovec; Geert Uytterhoeven; FrameBuffer List;
Linux Kernel Mailing List
Subject: Re: [linux-fbdev] fbdev 2.4.0 cleanups

James A Simmons writes:
> > But anyway, i don't agree with you, there is no reason that a lots of
people
> > can open /dev/fb in read only mode, sure if some guys want to write to
it at
> > the same time, it could cause problems, ...
>
> Security :) One of the goals is to allow anyone to run a app on /dev/fb.
> No more root.

Erm, this is probably a silly question, especially as I haven't been
following
this thread in depth.

If you're concerned about security, then you don't really want anyone to be
able to open /dev/fb and read what you've got on your console. Think about
it - allowing anyone to open /dev/fb means that you might as well broadcast
the picture that is on your monitor to everyone who has access to your
machine.

I think think what you really want is to allow the user logged into the
console to be able to read/write the framebuffer, in much the same way that
/dev/console, /dev/dsp and friends are handled in a RedHat system - the
ownership of these "console" based devices is changed when a user logs in
at the console.

Alternatively, the only other solution is to keep /dev/fb as "root only" and
have a suid program (tsk tsk) which drops it's privs directly after opening
/dev/fb. This allows "root" to control who can access /dev/fb.

Both of the above methods have their drawbacks in that neither of them can
be 100% secure when you may have multiple users logging in on the VCs, but
then that in itself is inherently insecure way of operating. ;)
   _____
  |_____| ------------------------------------------------- ---+---+-
  | | Russell King rmk@arm.linux.org.uk --- ---
  | | | | http://www.arm.linux.org.uk/~rmk/aboutme.html / / |
  | +-+-+ --- -+-
  / | THE developer of ARM Linux |+| /|\
 / | | | --- |
    +-+-+ ------------------------------------------------- /\\\ |

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

• Next message: Billy Harvey: "invalid character message 2.3.99pre1"
• Previous message: Chris Wedgwood: "Re: fcntl(2) and other file systems like XFS"
• In reply to: Russell King: "Re: [linux-fbdev] fbdev 2.4.0 cleanups"
• Next in thread: James A Simmons: "Re: [linux-fbdev] fbdev 2.4.0 cleanups"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Thu Mar 23 2000 - 21:00:18 EST