Justin Dugger
2007-10-11 09:47:55 UTC
There's an ACL patch floating around that I presume some form of will
be taken up, that gets gnome-screensaver 90 percent of the way to
working. The final problem is uinput, which as I understand from the
FOSDEM video, is used solely to provide a <cr>. In order to get this
part working, I have seen people suggest adding users the root group.
I've confirmed this does work, but I think suggesting this to masses
of end users might be a little unsavory.
In the CoC spirit, I brought this up in #ubunut-motu (and now here on
thinkfinger-devel), and it's been suggested that uinput is not
something users should generally have access to in a secure
environment. An excerpt from #ubuntu-motu:
< pwnguin> well, uinput seems to default to root perms only
< persia> pwnguin: Right. uinput allows the injection of anything to
the kernel, so can simulate devices to which the user would not
otherwise have access.
So this sounds bad. persia had an alternative suggestion:
< persia> If you just want to feed a <cr>, it's easier to use the
user's current input device, to which the user can typically write,
and inject it into the stream there.
Is this something feasible, or does gnome-screensaver attempt to lock
down these sorts of accesses?
Justin Dugger
be taken up, that gets gnome-screensaver 90 percent of the way to
working. The final problem is uinput, which as I understand from the
FOSDEM video, is used solely to provide a <cr>. In order to get this
part working, I have seen people suggest adding users the root group.
I've confirmed this does work, but I think suggesting this to masses
of end users might be a little unsavory.
In the CoC spirit, I brought this up in #ubunut-motu (and now here on
thinkfinger-devel), and it's been suggested that uinput is not
something users should generally have access to in a secure
environment. An excerpt from #ubuntu-motu:
< pwnguin> well, uinput seems to default to root perms only
< persia> pwnguin: Right. uinput allows the injection of anything to
the kernel, so can simulate devices to which the user would not
otherwise have access.
So this sounds bad. persia had an alternative suggestion:
< persia> If you just want to feed a <cr>, it's easier to use the
user's current input device, to which the user can typically write,
and inject it into the stream there.
Is this something feasible, or does gnome-screensaver attempt to lock
down these sorts of accesses?
Justin Dugger