Re: svgalib problem

Wed, 14 Oct 1998 16:17:17 -0400 

On Wed, 14 Oct 1998, St Xaviers College wrote:

> Hello,
> 
>       I have a Slackware Linux 96 on my machine installed. My "svgalib" 
> does not work, if not logged in as root. For instance to run "tmview" --- 
> a dvi-previewer with linux/svgalib to preview .dvi files I have to open 
> another session as a root, and while I try to run it otherwise it says : 
> "svgalib : Cannot get I/O permissions."
> 
>       What need I do to run as any user ?

1a) At first, you must understand that tmview MUST run as root because
   otherwise the kernel does not let it (more precise: the svgalib
   compiled into tmview) access the VGA hardware.

1b) tmview MUST be run as root, hence you express a certain kind of trust
   in tmview that it does not misuse this priviledge. (that is, it is
   no trojan horse and has no security relevant bugs)

1c) There is a package called ioperm around. svgalib interacts with it
   nicely and tmview would also work w/o root access. Yet again, ioperm
   gives tmview complete hardware access (and ioperm itself must run as
   root to do that), so a 'trojan horse' tmview can still screw your
   system (but the 'trojan horse' author must spent some more time coding
   ;-) )

That being said:

2) You can make your linux run tmview as root regardless of which user
   runs the tmview executable. To do that, perform as follows:

3) Find out the full path of tmview. Probably you can do that with:

   which tmview

   let's say it is /usr/local/bin/tmview.

   Check that this is really the executable, not a shell script:

   file /usr/local/bin/tmview

   (if it is a shell script, look in it with your favourite editor, and
   see which is the executable it actually runs)

4) Then do (as root!) on whatever file is the actual executable:

   # Make executable file being owned by root:
   chown 0.0 /usr/local/bin/tmview

   # root can read-write-exec, anyone else read-exec only:
   chmod 755 /usr/local/bin/tmview

   # When executed, the process runs under the uid of the file owner
   # (here: root):
   chmod u+s /usr/local/bin/tmview

That should allow Joe Blow User to run tmview. If tmview is a well written
svgalib application, it will not allow Joe Blow User to take any advantage
of the root priviledge tmview runs with; hence not compromise your system
security.
     
Michael.

--

Michael Weller: [EMAIL PROTECTED], [EMAIL PROTECTED],
or even [EMAIL PROTECTED] If you encounter an eowmob account on
any machine in the net, it's very likely it's me.

Reply via email to