Re: UME X startup from upstart in /etc/event.d/session fails unless this patch...
On Wednesday 19 December 2007 23:57:29 Tollef Fog Heen wrote:
> Why do you believe this is a security hole?

Quotation from the Xwrapper.conf man page (man 5 Xwrapper.config)
<>

So, it means that anybody, including a process without console, can start the
X server. The target for UME is mobile devices, which usually should have MORE
SECURITY in place than normal computers. This is why the big manufacturers
like Nokia are obsessed with security of their terminal solutions, and Linux
didn't penetrate too much yet.

I really don't understand why you are opposing my solution. It is more
elegant and it doesn't break the debian/xorg "default rules". Do you have any
arguments against my proposed fix?

Cheers,
Peter

--
Peter Antoniac, PhD
https://launchpad.net/~theseinfeld
GIT/CS a C+++ UL+++$ w--- PGP++ e

--
Ubuntu-mobile mailing list
Ubuntu-mobile@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-mobile
Moblin Kernel and Driver Status for WW51
2.6.24 Kernel Support
=====================
Alek continues to port the patches from 2.6.22 to 2.6.24. He is
using/referencing the work previously done by Amit.

PSB / SLT HW Support
====================
Jacob still owes me a patch to work around the MWAIT/local APIC timer issue.
We decided to go with the plan to mark the MWAIT instruction broken in the
kernel, taking out the CPU_FEATURE_MWAIT after cpuid is read for the affected
processor.

SDIO
====
Feng has released a kernel patch on moblin.org containing Marvell's GPL
release of the 8688 WLAN + BT drivers. In the process we've removed the older
& outdated MSS SDIO kernel patch from moblin.org. Pierre Ossman's SDIO stack
is the only choice for SDIO support on moblin.

Dabney Thermal patches
======================
No changes this week.

USB Client Drivers
==================
Alek continues to add support for the USB Client solution that was described
previously. I don't have an update on his status this week.

PSB Gfx & Video Drivers
=======================
Inuka has been investigating a bug with the PSB Gfx Beta3 RC driver where
powertop is reporting that X is generating 120+ interrupts/second when the
system is idle. This prevents the CPU from going into a lower power C state
and blows battery life. The issue is believed to be in the
implementation/design of the interface between closed & open pieces of the
driver. After the holidays we'll be talking directly with the 3rd party
developer to get this corrected.

Power and Performance Testing/Optimization
==========================================
Jay has numbers that compare performance between the mobile browser compiled
with gcc and the browser compiled with the Intel C/C++ compiler. As expected
there are some significant improvements; for example, browser startup appears
to be about 25% faster with the version compiled with the Intel compiler.
Before we get too excited, we need to spend some time scrubbing the data and
make sure the numbers we've collected are accurate.

+=+=+
Rob Rhoads
mailto:[EMAIL PROTECTED]
Moblin.org Kernel and Driver Team Lead
Open Source Technology Center
Software Solutions Group
Intel Corporation
Hillsboro, Oregon USA
Office: 503-712-6675
mobile: 971-533-2451
Re: UME X startup from upstart in /etc/event.d/session fails unless this patch...
* Peter Antoniac

| It didn't hit :) so it might be a bug. But even if it is a bug, the problem
| still remains: you have allowed_users=anybody into the Xwrapper.config. If
| you use my patch for the /etc/event.d/session then we don't need to open
| this security hole in Xwrapper.config...

Why do you believe this is a security hole?

--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
Re: UME X startup from upstart in /etc/event.d/session fails unless this patch...
On Wednesday 19 December 2007 16:35:45 Tollef Fog Heen wrote:
> * Peter Antoniac
>
> : [EMAIL PROTECTED] /tmp/ume-config-common-0.7 > tail -n 6 debian/postinst
>
> # Ew
> if [ -f /etc/X11/Xwrapper.config ]; then
>     sed -i -e 's/allowed_users=.*/allowed_users=anybody/' /etc/X11/Xwrapper.config
> fi
>
> #DEBHELPER#
>
> : [EMAIL PROTECTED] /tmp/ume-config-common-0.7 >
>
> So if that doesn't hit, for some reason, you've found a bug.

It didn't hit :) so it might be a bug. But even if it is a bug, the problem
still remains: you have allowed_users=anybody into the Xwrapper.config. If
you use my patch for the /etc/event.d/session then we don't need to open
this security hole in Xwrapper.config...

Cheers,
Peter

--
Peter Antoniac, PhD
https://launchpad.net/~theseinfeld
GIT/CS a C+++ UL+++$ w--- PGP++ e
Re: UME X startup from upstart in /etc/event.d/session fails unless this patch...
Actually, if you are using the menlow image and having issues, it's because
the image is installing the mccaslin kernel as the default boot kernel, which
doesn't have the kernel modules for the menlow graphics. I wrote about this
issue a while back. The image should not be loading the lpiacompat kernel.

Tobin

On Wed, 2007-12-19 at 15:35 +0100, Tollef Fog Heen wrote:
> * Peter Antoniac
>
> | On Wednesday 19 December 2007 16:04:34 Tollef Fog Heen wrote:
> | > Is there any particular reason why you don't seem to be using
> | > ume-config-common?
> |
> | I am using that. But that has nothing to do with what I said. The
> | problem is when you install the UME on a real device. Probably you
> | are talking about running X with ume-xephyr-start?
>
> : [EMAIL PROTECTED] /tmp/ume-config-common-0.7 > tail -n 6 debian/postinst
> # Ew
> if [ -f /etc/X11/Xwrapper.config ]; then
>     sed -i -e 's/allowed_users=.*/allowed_users=anybody/' /etc/X11/Xwrapper.config
> fi
>
> #DEBHELPER#
> : [EMAIL PROTECTED] /tmp/ume-config-common-0.7 >
>
> So if that doesn't hit, for some reason, you've found a bug.
>
> --
> Tollef Fog Heen
> UNIX is user friendly, it's just picky about who its friends are

--
Tobin Davis

Assembly language experience is [important] for the maturity and
understanding of how computers work that it provides.
    -- D. Gries
Status report for 2007-12-12 -> 2007-12-18
Hi,

I'm in holidays starting tonight; please contact me if you need anything done
today or which I should arrange to do in holidays while I still have Internet
access.

 * Commented on misc ongoing discussions
 * Uploaded hildon-desktop with patch by Horace Li; should solve
   hildon-desktop issue reported by MBU team with the Flash UI

FYI, I won't make the mobile sprint but will attend the distro sprint in
London. This is due to a collision with moving to a new place end of January.

Bye,
--
Loïc Minier
Re: UME X startup from upstart in /etc/event.d/session fails unless this patch...
* Peter Antoniac

| On Wednesday 19 December 2007 16:04:34 Tollef Fog Heen wrote:
| > Is there any particular reason why you don't seem to be using
| > ume-config-common?
|
| I am using that. But that has nothing to do with what I said. The
| problem is when you install the UME on a real device. Probably you
| are talking about running X with ume-xephyr-start?

: [EMAIL PROTECTED] /tmp/ume-config-common-0.7 > tail -n 6 debian/postinst

# Ew
if [ -f /etc/X11/Xwrapper.config ]; then
    sed -i -e 's/allowed_users=.*/allowed_users=anybody/' /etc/X11/Xwrapper.config
fi

#DEBHELPER#

: [EMAIL PROTECTED] /tmp/ume-config-common-0.7 >

So if that doesn't hit, for some reason, you've found a bug.

--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
Re: UME X startup from upstart in /etc/event.d/session fails unless this patch...
On Wednesday 19 December 2007 16:04:34 Tollef Fog Heen wrote:
> Is there any particular reason why you don't seem to be using
> ume-config-common?

I am using that. But that has nothing to do with what I said. The problem is
when you install the UME on a real device. Probably you are talking about
running X with ume-xephyr-start?

Cheers,
Peter

--
Peter Antoniac, PhD
https://launchpad.net/~theseinfeld
GIT/CS a C+++ UL+++$ w--- PGP++ e
Re: UME X startup from upstart in /etc/event.d/session fails unless this patch...
* Peter Antoniac

| I don't know if anybody had noticed, but there are some issues with the
| event.d scripts that are supposed to start the X on UME.
|
| The problem is that unless you change the /etc/X11/Xwrapper.config
| there is no way the X is going to start on the machine. This is
| because the way it comes configured is with
| allowed_users=console.

[...]

Is there any particular reason why you don't seem to be using
ume-config-common?

--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
UME X startup from upstart in /etc/event.d/session fails unless this patch...
Dear Rusty and all,

I don't know if anybody had noticed, but there are some issues with the
event.d scripts that are supposed to start the X on UME.

The problem is that unless you change the /etc/X11/Xwrapper.config there is
no way the X is going to start on the machine. This is because the way it
comes configured is with allowed_users=console.

If you check with the xserver-wrapper.c you will find out that the upstart
starts processes in the /dev/console which is not ok from the
xserver-wrapper.c point of view. I include also here mytest.c file that
basically emulates the behavior of the Xwrapper test so you can see that I am
right.

Here is how you can test it:

1. Place the mytest file in /etc/event.d
   $ sudo cp mytest /etc/event.d
2. Compile the mytest.c
   $ sudo cc -o /mytest mytest.c
3. Re-read the event.d?
   $ sudo init q
4. Check if it is there:
   $ sudo initctl list|grep mytest
   mytest (stop) waiting
5. Now you can see what I am talking about by running in console (login in
   text mode):
   $ sudo initctl start mytest
   and compare the result with:
   $ /mytest

The explanation is that the test is looking for /dev/tty[n] as a process
start fd/0. Since console is minor 5 and not 4 it is therefore rejected
(unless you allow any process to start the X, which poses some security
problems later).

Long explanation for a short resolution to our problem:
We need to change the /etc/event.d/session as follows:

-exec su -l ume "/usr/bin/starx -- -config xorg-crownbeach.conf" +console output +exec openvt -w -f -c 1 -- su -l ume "/usr/bin/starx -- -config \ xorg-crownbeach.conf"

I added the console output so that there is some feedback to the user if
things go wrong...

Hope it helps other people having the same problem...
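Review bot: in the added `exec openvt -w -f -c 1 -- su -l ume ...` line, `-c 1` hard-codes VT 1 and `-f` forces it open without checking whether it is already in use, so a getty or other session holding tty1 would end up sharing the terminal with the X session; either state that tty1 must be kept free on UME images, or drop `-f -c 1` and let openvt pick the first free VT. Separately, `/usr/bin/starx` appears in both the removed and the added line and looks like a misspelling of startx, which is worth confirming against the installed file before this is applied.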
Cheers,
Peter

--
Peter Antoniac, PhD
https://launchpad.net/~theseinfeld
GIT/CS a C+++ UL+++$ w--- PGP++ e

/* $Author: Peter Antoniac */
#include <stdio.h>
#include <sys/stat.h>

int
main (void)
{
  struct stat s;

  /* fd 0 is whatever device the process was started on */
  if (fstat (0, &s) != 0)
  // if (stat ("/dev/tty1", &s) != 0)
    {
      (void) fprintf (stderr, "X: cannot stat stdin\n");
      (void) fprintf (stdout, "X: cannot stat stdin\n");
      return 1; /* s is not valid, so do not test it */
    }

  /* character device, major 4, minor below 64 */
  if (S_ISCHR(s.st_mode) &&
      ((s.st_rdev >> 8) & 0xff) == 4 && (s.st_rdev & 0xff) < 64)
    {
      (void) fprintf (stderr, "X: is ok\n");
      (void) fprintf (stdout, "X: is ok\n");
    }
  else
    {
      (void) fprintf (stderr, "X: is NOT ok\n");
      (void) fprintf (stdout, "X: is NOT ok\n");
    }
  return 0;
}

# My test for Xwrapper behaviour in upstart
#
description "testing x behaviour in upstart"
author "Peter Antoniac <[EMAIL PROTECTED]>"

stop on runlevel [!2]
start on runlevel 2

console output
exec /mytest