Re: A requirement for the current user to own ttys

2017-03-12 Thread Egmont Koblinger
On Sun, Mar 12, 2017 at 10:08 PM, Egmont Koblinger wrote: > So, again, if I'm not mistaken, cons.saver basically does the following: > Based on the ownership, permissions etc. of _/dev/ttyX_, it either grants > or denies access to _/dev/vcsaX_. You cannot examine the ttyX and

Re: A requirement for the current user to own ttys

2017-03-12 Thread Egmont Koblinger
Hi, Why do you think on my system I cannot access vcs* devices. As far as I > remember I never said that. > You did include the output of "ls -l /dev/vcs*" on your system, showing that they're owned by vcsa and chmod 600. So, they are not directly accessible to your 'echo' or 'ghost' users. They

Re: A requirement for the current user to own ttys

2017-03-12 Thread Key Offecka
Hi, > What do you mean by "the resource" in the lines above? There are at least two pieces of resource in the game, the tty and the vcsa (maybe more, I don't know). We'd need a much more precise description. >> if a user doesn't own the tty device but is a member of a group owning the tty should

Re: A requirement for the current user to own ttys

2017-03-11 Thread Egmont Koblinger
Hi, On Sun, Mar 12, 2017 at 12:54 AM, Key Offecka wrote: > > if the user (the real user, not the effective one) is root then permission > check is successful > else > if the user owns the resource then permission check is successful > else > if the user belongs to

Re: A requirement for the current user to own ttys

2017-03-11 Thread Key Offecka
Hi, > You did mention "sudo" a couple of times Yes, I did. And maybe even more times, but I never told about extra rights obtained by a user just because of sudoing. > You keep talking about "first" and "second" user, in order to have these you must switch user by some means And I told you, in

Re: A requirement for the current user to own ttys

2017-03-11 Thread Egmont Koblinger
Hi, On Sat, Mar 11, 2017 at 7:50 PM, Konstantin I. wrote: > Hi, > > > Nope. Via "sudo", the first user is allowed to execute certain commands > on behalf of the second, not the other way around. > > I didn't say "via sudo" > You did mention "sudo" a couple of times. You

Re: A requirement for the current user to own ttys

2017-03-11 Thread Konstantin I.
Hi, Nope. Via "sudo", the first user is allowed to execute certain commands on behalf of the second, not the other way around. I didn't say "via sudo" I said: the second user (`ghost` in this example) is authorised to act on behalf of `echo`. How it's done is irrelevant. You mentioned

Re: A requirement for the current user to own ttys

2017-03-11 Thread Egmont Koblinger
Hi, The requirement here is that the second user (`ghost` in this example) is > authorised to act on behalf of `echo`. > Nope. Via "sudo", the first user is allowed to execute certain commands on behalf of the second, not the other way around. During this, the second user doesn't have any access

Re: A requirement for the current user to own ttys

2017-03-11 Thread Key Offecka
Hi Egmont, > What do you mean the tty owner is the _problem_? What kind of problem? Please excuse me, I wasn't quite correct there. Let's forget about permissions and TTYs. Let's look at the issue from the user point of view. Please consider this case: There is a user, say `echo` and there is

Re: A requirement for the current user to own ttys

2017-03-11 Thread Egmont Koblinger
Hi, > All you say about vcs* sounds reasonable, unfortunately according to the code, the tty owner is the problem. What do you mean the tty owner is the _problem_? What kind of problem? I believe it's not the _problem_, it's the piece of information we rely on to figure out if cons.saver is

Re: A requirement for the current user to own ttys

2017-03-10 Thread Key Offecka
Thank you, egmont, for your time answering my question. All you say about vcs* sounds reasonable, unfortunately according to the code, the tty owner is the problem. `fstat (console_fd, &st) < 0 || st.st_uid != uid` As far as I understand the c code here, you compare the user id with the id of the tty

Re: A requirement for the current user to own ttys

2017-03-09 Thread Egmont Koblinger
Hi, cons.saver, as you apparently know this, is the helper binary responsible for restoring the contents of the Linux console when you quit mc or press Ctrl+O. A helper is required since the Linux console does not have an "alternate screen" that graphical terminal emulators have. In order to be

A requirement for the current user to own ttys

2017-03-09 Thread Key Offecka
Hi, I am looking at the main (int argc, char **argv) function in src/consaver/cons.saver.c There are calls like `st.st_uid != uid`, `fstat (console_fd, &st) >= 0 && st.st_uid == uid`, `fstat (console_fd, &st) < 0 || st.st_uid != uid`. The last one is especially strange taking into account that it