Xserver needs to run as "root" on Linux / was: Re: [Xorg] Server side widgets

Ralph Thomas ralpht at gmail.com
Wed Jul 14 08:45:12 PDT 2004 

I don't claim to know anything about OS security, but that's not going
to stop me from openly opining :).

You could just have two different device files for each keyboard, call
them "/dev/keyboard" and "/dev/keyboard-special".

On "/dev/keyboard-special" you could have two new ioctls defined:
  - "Exclusive" means that keypresses ONLY get reported by
"/dev/keyboard-special"

  - "NonExclusive" means that keypresses get reported by
"/dev/keyboard" and "/dev/keyboard-special" (and through any other
means that keypresses get reported)

Then you could have some daemon listen to "/dev/keyboard-special" for
ctrl+alt+delete or whatever and then issue the "Exclusive" ioctl and
do it's secret password and username stuff - once it had done that it
could issue the "NonExclusive" ioctl.

The security comes when you have an ability to restrict access to
"/dev/keyboard-special", either by file permissions or some more
elaborate SELinux setup.

--ralpht



On Wed, 14 Jul 2004 02:32:57 +0200, Jakub Piotr Cłapa <loc at toya.net.pl> wrote:
> Jon Smirl wrote:
> > Another thing to consider is that the entire VT system could be removed
> > from the kernel and pushed into user space. Doing that will change how
> > you implement the login screen.
> >
> > There are two classes of output:
> > printk, system boot, kdbg, ie kernel things
> > everything else
> >
> > kernel things need to be displayed from inside the kernel
> > everything else can be displayed from user space
> >
> > Which group is the login screen in?
> 
> IMO the login screen itself belongs to the userspace but it shouldn't
> really matter for its security. We would only need kernel providing a
> way to switch the keyboard to a special mode in which the keystrokes
> could be captured only by priviledged programs.
> Maybe this also could be done in userspace? I know nothing about how is
> the low-level keyboard access done on Linux. ;/
> 
> Whole vt management could probably as well run as root in userspace.
> 
> Probably EOT - I gave some ideas but I don't (yet) know enough to get
> down to the low-level implementation details...
> 
> --
> Regards,
> Jakub Piotr Cłapa
>

More information about the xorg mailing list