<div dir="ltr">Hi,<div class="gmail_extra"><br><div class="gmail_quote">On 8 December 2014 at 10:34, Damian, Alexandru <span dir="ltr"><<a href="mailto:alexandru.damian@intel.com" target="_blank">alexandru.damian@intel.com</a>></span> wrote:<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div style="font-family:tahoma,sans-serif">What annoyed me was weston silently ignoring the tty argument in certain conditions (you have to specify a new user argument while being root).<br></div></div></blockquote><div><br></div><div>Oh, I totally agree. We should have an error message stating that --tty is not valid without --user.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div style="font-family:tahoma,sans-serif"></div><div style="font-family:tahoma,sans-serif">I reasoned that user access to the tty should be set up by the kernel policies, and we should not enforce the policy at weston level. If the system is configured in this way, then a user with enough permissions can start up weston under his account without having to have root permissions.<br><br><br></div><div style="font-family:tahoma,sans-serif">In the end, I can use the openvt workaround, if you are concerned about the security implications.<br></div></div></blockquote><div><br></div><div>Well, given that weston-launch is suid and opens the device on behalf of weston, you're actually bypassing all of the kernel policies and enforcement, since the kernel will just see root attempting to open it. This is what makes me nervous. Previously weston-launch would only allow arbitrary TTY selection if you were actually root (user can only be set when getuid() == geteuid()), but this change allows any user with weston-launch access to open any VT that root can access.</div><div><br></div><div>I could definitely be swayed, but in the absence of someone who knows definitively whether or not this is a good idea (David?), I'd lean towards not changing the current behaviour - except to produce an error message when --tty is specified but not --user.</div><div><br></div><div>Cheers,</div><div>Daniel</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div style="font-family:tahoma,sans-serif">Cheers,<br>Alex<br></div></div><div class="gmail_extra"><div><div class="h5"><br><div class="gmail_quote">On Mon, Dec 8, 2014 at 9:47 AM, Daniel Stone <span dir="ltr"><<a href="mailto:daniel@fooishbar.org" target="_blank">daniel@fooishbar.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br><br>On Wednesday, October 2, 2013, Alex DAMIAN <<a href="mailto:alexandru.damian@intel.com" target="_blank">alexandru.damian@intel.com</a>> wrote:<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Current behaviour of the tty parameter is to take effect<br>
only if there is a new user starting up.<br>
<br>
Since it is useful to start weston-launch with a command line<br>
specified tty, I'm changing the semantics of the tty parameter:<br>
<br>
* the argument to the --tty parameter is now mandatory<br>
* if specified, weston-launch will try to run on the specified tty<br>
* otherwise, it will continue to try to find the first free console<br>
<br>
This patch allows starting weston-launch over a ssh connection,<br>
for example, with the current user.<br>
</blockquote><div><br></div><div>Sorry about the long latency on this.</div><div><br></div><div>Your commit message leaves out the most important change - that non-root users can now specify arbitrary TTYs. This makes me a little nervous, even though it will fail if anyone already has the VT open.</div><div><br></div><div>I've been using openvt -- weston-launch --user=foo, over SSH. Would that be an adequate replacement for you?</div><div><br></div><div>Cheers,</div><div>Daniel </div>
</blockquote></div><br><br clear="all"><br></div></div><span class="HOEnZb"><font color="#888888">-- <br><div><div dir="ltr">Alex Damian<div>Yocto Project<br></div><div>SSG / OTC </div></div></div>
</font></span></div>
</blockquote></div></div></div>