Menu
▾
▴
plplot-devel
|
From: Joao C. <jc...@fe...> - 2002-01-24 19:48:15
|
Hi, I have commited changes to enable the linuxvga driver to be a dyndriver, = as=20 it was only partially configured (it appears only in PL_DYNAMIC_DRIVER_LI= ST). But I can't use the driver as anormal user, I get: =09svgalib: Cannot get I/O permissions. As root I can however use it. I make no ideia of what is going on. Any clues? Joao |
|
From: Joao C. <jc...@fe...> - 2002-01-24 20:14:09
|
On Thursday 24 January 2002 7:44 pm, Joao Cardoso wrote:
> Hi,
>
> I have commited changes to enable the linuxvga driver to be a dyndriver=
, as
> it was only partially configured (it appears only in
> PL_DYNAMIC_DRIVER_LIST).
>
> But I can't use the driver as anormal user, I get:
^
Neither as a normal nor as an anormal user :-S
Joao
>
> =09svgalib: Cannot get I/O permissions.
>
> As root I can however use it.
> I make no ideia of what is going on. Any clues?
>
> Joao
>
> _______________________________________________
> Plplot-devel mailing list
> Plp...@li...
> https://lists.sourceforge.net/lists/listinfo/plplot-devel
|
|
From: Geoffrey F. <fu...@ga...> - 2002-01-24 20:33:25
|
Well, I have never personally used that driver, but I think I still know roughly what the issue is. The issue is that taking over the console and switching VT's requires privilege. The X server enjoys this privilege, which is why it can switch to VT 7 when you type startx, for example. The library that the vga driver calls, must effectively do the same thing, so the invoking executable has to be endowed with root privilege. Joao Cardoso writes: > On Thursday 24 January 2002 7:44 pm, Joao Cardoso wrote: > > I have commited changes to enable the linuxvga driver to be a dyndriver, as > > it was only partially configured (it appears only in > > PL_DYNAMIC_DRIVER_LIST). > > > > But I can't use the driver as anormal user, I get: > ^ > Neither as a normal nor as an anormal user :-S |
|
From: Alan W. I. <ir...@be...> - 2002-01-24 21:21:33
|
I cannot remember whether it was Maurice or Geoffrey who investigated this a long time ago, but according to my memory of the results back then you always need root in order to use this driver. Therefore, I have never run or tested it. If there is no way to get around this root-only limitation of libsvga, I think this driver should be disabled in the interests of security. Alan email: ir...@be... phone: 250-727-2902 FAX: 250-721-7715 snail-mail: Dr. Alan W. Irwin Department of Physics and Astronomy, University of Victoria, P.O. Box 3055, Victoria, British Columbia, Canada, V8W 3P6 __________________________ Linux-powered astrophysics __________________________ On Thu, 24 Jan 2002, Joao Cardoso wrote: > > Hi, > > I have commited changes to enable the linuxvga driver to be a dyndriver, as > it was only partially configured (it appears only in PL_DYNAMIC_DRIVER_LIST). > > But I can't use the driver as anormal user, I get: > > svgalib: Cannot get I/O permissions. > > As root I can however use it. > I make no ideia of what is going on. Any clues? > > Joao > > _______________________________________________ > Plplot-devel mailing list > Plp...@li... > https://lists.sourceforge.net/lists/listinfo/plplot-devel > |
|
From: Geoffrey F. <fu...@ga...> - 2002-01-24 22:41:28
|
Alan W. Irwin writes: > I cannot remember whether it was Maurice or Geoffrey who investigated this a > long time ago, but according to my memory of the results back then you > always need root in order to use this driver. Therefore, I have never run or > tested it. If there is no way to get around this root-only limitation of > libsvga, I think this driver should be disabled in the interests of security. :-). /home/furnish> ll /usr/bin/X11/XFree86 -rws--x--x 1 root root 1773168 Jan 18 2001 /usr/bin/X11/XFree86* The "no run-as-root software allowed" rule, would make for a text only computing experience. I think we should leave it in/available. People can use it or not based on their own policy decisions on their own machine. |
|
From: Alan W. I. <ir...@be...> - 2002-01-24 23:03:17
|
On Thu, 24 Jan 2002, Geoffrey Furnish wrote: > Alan W. Irwin writes: > > I cannot remember whether it was Maurice or Geoffrey who investigated this a > > long time ago, but according to my memory of the results back then you > > always need root in order to use this driver. Therefore, I have never run or > > tested it. If there is no way to get around this root-only limitation of > > libsvga, I think this driver should be disabled in the interests of security. > > :-). > > /home/furnish> ll /usr/bin/X11/XFree86 > -rws--x--x 1 root root 1773168 Jan 18 2001 /usr/bin/X11/XFree86* > > The "no run-as-root software allowed" rule, would make for a text only > computing experience. Sounds good to me....;-) Seriously though, I agree with your implicit point that from the security perspective there is no real difference between a setuid programme and one that demands you be root to run it. However, there is a practical difference between the two; when you are running root is is much easier to screw up (inadvertent typing of "rm -rf /", for example....;-)) then when you are just running a setuid executable. Also, for what it is worth, the security reputation of libsvga is not as good as Xfree86. > > I think we should leave it in/available. People can use it or not > based on their own policy decisions on their own machine. Fine by me. Since I wrote what you are responding to, I found and posted a way (with a lot of effort) that might work to run svgalib-based code safely (or at least as safe as X). Alan |
|
From: Alan W. I. <ir...@be...> - 2002-01-24 22:45:20
|
On Thu, 24 Jan 2002, Alan W. Irwin wrote: > I cannot remember whether it was Maurice or Geoffrey who investigated this a > long time ago, but according to my memory of the results back then you > always need root in order to use this driver. Therefore, I have never run or > tested it. If there is no way to get around this root-only limitation of > libsvga, I think this driver should be disabled in the interests of security. > For what it is worth, there might be a way to run and test this driver safely. Apparently (http://packages.debian.org/testing/libs/svgalib1-libggi2.html) you can run a svgalib wrapper on top of libggi. In turn this can be run (http://packages.debian.org/testing/libs/libggi2.html) on top of a lot of different backends. If you choose to run libggi on top of X, there should be no root problem. But whether this all works depends on how good the wrapper is. Also, there are complications in building against svgalib1-libggi2 and also apparently a lot of configuration is required to get a particular svgalib application to work. I don't have time to investigate any further, however. |
|
From: <jca...@in...> - 2002-01-25 03:21:42
|
On Thursday 24 January 2002 22:45, Alan W. Irwin wrote: | On Thu, 24 Jan 2002, Alan W. Irwin wrote: | > I cannot remember whether it was Maurice or Geoffrey who | > investigated this a long time ago, but according to my memory of | > the results back then you always need root in order to use this | > driver. Therefore, I have never run or tested it. If there is no | > way to get around this root-only limitation of libsvga, I think | > this driver should be disabled in the interests of security. | | For what it is worth, there might be a way to run and test this | driver safely. Apparently | (http://packages.debian.org/testing/libs/svgalib1-libggi2.html) you | can run a svgalib wrapper on top of libggi. In turn this can be | run (http://packages.debian.org/testing/libs/libggi2.html) on top | of a lot of different backends. If you choose to run libggi on top | of X, there should be no root problem. There is no point in using svga if you have X ;-). I just reported this, I don't use it. Joao |
Thanks for helping keep SourceForge clean.
X