On 2018-11-13, Markus Wichmann <nullplan_AT_gmx.net> wrote:
> On Mon, Nov 12, 2018 at 01:14:38PM -0800, Michael Forney wrote:
>> Usually how it works is either the display server itself needs to be
>> setuid to open those input devices, or some other program (commonly
>> systemd-logind) needs to open it on its behalf. I believe Xorg with
>> systemd disabled will need to be setuid because of this.
>>
>
> I lack the words to describe how broken I think it is, to make an
> application setuid because you couldn't be arsed to set file permissions
> properly. Or at least, the words to do so in a civilised manner.
Well, you usually don't want just any process to be able to open your
keyboard device and read events from it; just the display server and
only when the VT it is running on is active. This is especially true
on a multi-user system. So, you want opening input devices to be
privileged or federated in some way.
There is also a problem with DRM, since while you can become master
(required for modesetting) implicitly if no other process is master,
you need CAP_SYS_ADMIN to be able to issue the ioctls to drop/regain
master. This makes it impossible to do VT switching properly as
non-root (see
https://github.com/mpv-player/mpv/issues/6184 for
example).
Received on Wed Nov 14 2018 - 21:30:25 CET