[PATCH 1/1] weston-launch: alter tty command line parameter semantics
dh.herrmann at gmail.com
Tue Dec 16 00:30:56 PST 2014
On Tue, Dec 16, 2014 at 9:19 AM, Daniel Stone <daniel at fooishbar.org> wrote:
>> I reasoned that user access to the tty should be set up by the kernel
>> policies, and we should not enforce the policy at weston level. If the
>> system is configured in this way, then a user with enough permissions can
>> start up weston under his account without having to have root permissions.
>> In the end, I can use the openvt workaround, if you are concerned about
>> the security implications.
> Well, given that weston-launch is suid and opens the device on behalf of
> weston, you're actually bypassing all of the kernel policies and
> enforcement, since the kernel will just see root attempting to open it. This
> is what makes me nervous. Previously weston-launch would only allow
> arbitrary TTY selection if you were actually root (user can only be set when
> getuid() == geteuid()), but this change allows any user with weston-launch
> access to open any VT that root can access.
> I could definitely be swayed, but in the absence of someone who knows
> definitively whether or not this is a good idea (David?), I'd lean towards
> not changing the current behaviour - except to produce an error message when
> --tty is specified but not --user.
So far VT allocation was left to your login-manager and you shouldn't
mess with it. The openvt-logic (whether that is 'openvt' or
'VT_OPENQRY') is meant as workaround for people who want minimal
login-managers (or rather no login-manager at all). So if we can avoid
supporting any more sophisticated options, I'd welcome that. So I
agree with Daniel here.
More information about the wayland-devel