Re: [linux-fbdev] fbdev 2.4.0 cleanups

From: James A Simmons (jsimmons@acsu.buffalo.edu)
Date: Wed Mar 15 2000 - 15:11:30 EST

Next message: James A. Treacy: "patch to support SupraExpress modem"
Previous message: Meino Christian Cramer: "Logical problem withj devfs/devfsd"
In reply to: Russell King: "Re: [linux-fbdev] fbdev 2.4.0 cleanups"
Next in thread: Russell King: "Re: [linux-fbdev] fbdev 2.4.0 cleanups"
Reply: Russell King: "Re: [linux-fbdev] fbdev 2.4.0 cleanups"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 15 Mar 2000, Russell King wrote:

> James A Simmons writes:
> > > But anyway, i don't agree with you, there is no reason that a lots of people
> > > can open /dev/fb in read only mode, sure if some guys want to write to it at
> > > the same time, it could cause problems, ...
> >
> > Security :) One of the goals is to allow anyone to run a app on /dev/fb.
> > No more root.
>
> Erm, this is probably a silly question, especially as I haven't been following
> this thread in depth.
>
> If you're concerned about security, then you don't really want anyone to be
> able to open /dev/fb and read what you've got on your console. Think about
> it - allowing anyone to open /dev/fb means that you might as well broadcast
> the picture that is on your monitor to everyone who has access to your
> machine.

Yeah. Their are other issues I pointed out as well in my other postings.

> I think think what you really want is to allow the user logged into the
> console to be able to read/write the framebuffer, in much the same way that
> /dev/console, /dev/dsp and friends are handled in a RedHat system - the
> ownership of these "console" based devices is changed when a user logs in
> at the console.

Right. I going to have /dev/fb do this in the future. LIke what /dev/tty
does.

> Alternatively, the only other solution is to keep /dev/fb as "root only" and
> have a suid program (tsk tsk) which drops it's privs directly after opening
> /dev/fb. This allows "root" to control who can access /dev/fb.

Yuk :(

> Both of the above methods have their drawbacks in that neither of them can
> be 100% secure when you may have multiple users logging in on the VCs, but
> then that in itself is inherently insecure way of operating. ;)

Well I have the vision in mind of when you open /dev/fb you switch to
graphics mode (KD_GRAPHICS). No worries about VC in this case.

"Look its a text editor, no its a OS, no its Emacs"
James Simmons (o_
fbdev/gfx developer (o_ (o_ //\
http://www.linux-fbdev.org (/)_ (/)_ V_/_
http://linuxgfx.sourceforge.net

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: James A. Treacy: "patch to support SupraExpress modem"
Previous message: Meino Christian Cramer: "Logical problem withj devfs/devfsd"
In reply to: Russell King: "Re: [linux-fbdev] fbdev 2.4.0 cleanups"
Next in thread: Russell King: "Re: [linux-fbdev] fbdev 2.4.0 cleanups"
Reply: Russell King: "Re: [linux-fbdev] fbdev 2.4.0 cleanups"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Thu Mar 23 2000 - 21:00:18 EST