On Sun, Mar 12, 2017 at 10:08 PM, Egmont Koblinger wrote:
> So, again, if I'm not mistaken, cons.saver basically does the following:
> Based on the ownership, permissions etc. of _/dev/ttyX_, it either grants
> or denies access to _/dev/vcsaX_. You cannot examine the ttyX and
Hi,
> Why do you think on my system I cannot access vcs* devices. As far as I
> remember I never said that.
>
You did include the output of "ls -l /dev/vcs*" on your system, showing
that they're owned by vcsa and chmod 600. So, they are not directly
accessible to your 'echo' or 'ghost' users. They
Hi,
> What do you mean by "the resource" in the lines above? There are at least
> two pieces of resource in the game, the tty and the vcsa (maybe more, I
> don't know). We'd need a much more precise description.
>> if a user doesn't own the tty device but is a member of a group owning
>> the tty should
Hi,
On Sun, Mar 12, 2017 at 12:54 AM, Key Offecka wrote:
>
> if the user (the real user, not the effective one) is root then permission
> check is successful
> else
> if the user owns the resource then permission check is successful
> else
> if the user belongs to
Hi,
> You did mention "sudo" a couple of times
Yes, I did. And maybe even more times, but I never talked about extra rights
obtained by a user just because of sudoing.
> You keep talking about "first" and "second" user, in order to have these
> you must switch user by some means
And I told you, in
Hi,
On Sat, Mar 11, 2017 at 7:50 PM, Konstantin I.
wrote:
> Hi,
>
> > Nope. Via "sudo", the first user is allowed to execute certain commands
> on behalf of the second, not the other way around.
>
> I didn't say "via sudo"
>
You did mention "sudo" a couple of times. You
Hi,
> Nope. Via "sudo", the first user is allowed to execute certain commands on
> behalf of the second, not the other way around.
I didn't say "via sudo"
I said: the second user (`ghost` in this example) is authorised to act on
behalf of `echo`.
How it's done is irrelevant. You mentioned
Hi,
> The requirement here is that the second user (`ghost` in this example) is
> authorised to act on behalf of `echo`.
>
Nope. Via "sudo", the first user is allowed to execute certain commands on
behalf of the second, not the other way around. During this, the second
user doesn't have any access
Hi Egmont,
> What do you mean the tty owner is the _problem_? What kind of problem?
Please excuse me, I wasn't quite correct there.
Let's forget about permissions and TTYs. Let's look at the issue from the
user point of view. Please consider this case:
There is a user, say `echo` and there is
Hi,
> All you say about vcs* sounds reasonable, unfortunately according to the
> code, the tty owner is the problem.
What do you mean the tty owner is the _problem_? What kind of problem?
I believe it's not the _problem_, it's the piece of information we rely on
to figure out if cons.saver is
Thank you, egmont, for your time answering my question. All you say about
vcs* sounds reasonable, unfortunately according to the code, the tty owner
is the problem.
fstat (console_fd, &st) < 0 || st.st_uid != uid
As far as I understand the C code here, you compare the user id with the id
of the tty
Hi,
cons.saver, as you apparently know this, is the helper binary responsible
for restoring the contents of the Linux console when you quit mc or press
Ctrl+O. A helper is required since the Linux console does not have an
"alternate screen" that graphical terminal emulators have.
In order to be
Hi,
I am looking at the
main (int argc, char **argv)
function in
src/consaver/cons.saver.c
There are calls like
st.st_uid != uid
fstat (console_fd, &st) >= 0 && st.st_uid == uid
fstat (console_fd, &st) < 0 || st.st_uid != uid
The last one is especially strange taking into account that it