[PATCH 1/1] weston-launch: alter tty command line parameter semantics
Daniel Stone
daniel at fooishbar.org
Tue Dec 16 00:19:16 PST 2014
Hi,
On 8 December 2014 at 10:34, Damian, Alexandru <alexandru.damian at intel.com>
wrote:
>
> What annoyed me was weston silently ignoring the tty argument in certain
> conditions (you have to specify a new user argument while being root).
>
Oh, I totally agree. We should have an error message stating that --tty is
not valid without --user.
> I reasoned that user access to the tty should be set up by the kernel
> policies, and we should not enforce the policy at weston level. If the
> system is configured in this way, then a user with enough permissions can
> start up weston under his account without having to have root permissions.
>
>
> In the end, I can use the openvt workaround, if you are concerned about
> the security implications.
>
Well, given that weston-launch is suid and opens the device on behalf of
weston, you're actually bypassing all of the kernel policies and
enforcement, since the kernel will just see root attempting to open it.
This is what makes me nervous. Previously weston-launch would only allow
arbitrary TTY selection if you were actually root (user can only be set
when getuid() == geteuid()), but this change allows any user with
weston-launch access to open any VT that root can access.
I could definitely be swayed, but in the absence of someone who knows
definitively whether or not this is a good idea (David?), I'd lean towards
not changing the current behaviour - except to produce an error message
when --tty is specified but not --user.
Cheers,
Daniel
> Cheers,
> Alex
>
> On Mon, Dec 8, 2014 at 9:47 AM, Daniel Stone <daniel at fooishbar.org> wrote:
>
>> Hi,
>>
>> On Wednesday, October 2, 2013, Alex DAMIAN <alexandru.damian at intel.com>
>> wrote:
>>>
>>> Current behaviour of the tty parameter is to take effect
>>> only if there is a new user starting up.
>>>
>>> Since it is useful to start weston-launch with a command line
>>> specified tty, I'm changing the semantics of the tty parameter:
>>>
>>> * the argument to the --tty parameter is now mandatory
>>> * if specified, weston-launch will try to run on the specified tty
>>> * otherwise, it will continue to try to find the first free console
>>>
>>> This patch allows starting weston-launch over a ssh connection,
>>> for example, with the current user.
>>>
>>
>> Sorry about the long latency on this.
>>
>> Your commit message leaves out the most important change - that non-root
>> users can now specify arbitrary TTYs. This makes me a little nervous, even
>> though it will fail if anyone already has the VT open.
>>
>> I've been using openvt -- weston-launch --user=foo, over SSH. Would that
>> be an adequate replacement for you?
>>
>> Cheers,
>> Daniel
>>
>
>
>
> --
> Alex Damian
> Yocto Project
> SSG / OTC
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/wayland-devel/attachments/20141216/03bf7f66/attachment-0001.html>
More information about the wayland-devel
mailing list