[BRLTTY] BRLTTY, systemd and unprivileged user

Aura Kelloniemi kaura.dev at sange.fi
Sun Aug 23 08:22:41 EDT 2020


Hi list,

Dave Mielke <Dave at mielke.cc> writes:
 > [quoted lines by Aura Kelloniemi on 2020/08/23 at 11:48 +0300]
 > >But aren't there two things to test?
 > Yes, exactly! And I'd also like to test this on your system anyway, just to be
 > sure that that part of the code isn't contributing to the problem.

I'll send you the log off-list.

 > >The other thing to test is whether the systemd configuration works. As far as
 > >I understand, the brltty@.service defines the User, Group and
 > >AmbientCapabilities because systemd is capable of setting them for BRLTTY by
 > >itself. This I cannot test by running from the build tree, unless I install
 > >the systemd config files, which has nasty consequences on my system.

 > Okay, this is how I do it:

Thank you for this explanation. I did not know about the service.d directory
trick.

 > >crw------- 1 secret_user_name tty 4, 1 Aug 22 21:37 /dev/tty1

 > Some hacker will figure it out! :-) Anyway, it looks good.

I call them crackers. I leave figuring out this detail as an exercise for the
reader.

 > So, just to get my understanding correct, when you start brltty as root, and it
 > doesn't switch to an unprivileged user, is it having the tty1 access problem?
 > I'm confirming because it doesn't seem to make any sense.

Yes, this is the case. I suppose the fiddling with the capabilities somehow
causes the root account not to be root anymore.

As far as I understand, root (in Linux, nowadays) is a predefined set of
capabilities. Could it be that when BRLTTY adds capabilities, it (implicitly)
at the same time drops the normal root capabilities, and then it does not
matter any more that the process has uid 0?

-- 
Aura
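
An added example, not part of the original message and not BRLTTY code: it models the kernel rule behind the question above, namely that access to a mode-0600 tty owned by another user is granted by CAP_DAC_OVERRIDE in the effective set, not by uid 0 itself. The status snippets, the owner uid 1000, the tty gid 5 and the reduced capability mask are constructed sample values.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CAP_DAC_OVERRIDE_BIT 1 /* CAP_DAC_OVERRIDE in <linux/capability.h> */

/* Extract the effective capability mask from /proc/<pid>/status text. */
static int parse_capeff(const char *status, uint64_t *mask) {
    const char *p = strstr(status, "CapEff:");
    if (p == NULL) return -1;
    *mask = strtoull(p + strlen("CapEff:"), NULL, 16);
    return 0;
}

/* Simplified Linux DAC check for open(O_RDWR); ignores supplementary
   groups, ACLs and LSMs. Note that uid 0 gets no special case. */
static int may_open_rw(unsigned uid, unsigned gid, uint64_t capeff,
                       unsigned owner, unsigned group, unsigned mode) {
    unsigned bits;
    if (capeff & (1ULL << CAP_DAC_OVERRIDE_BIT)) return 1;
    if (uid == owner)      bits = (mode >> 6) & 7;
    else if (gid == group) bits = (mode >> 3) & 7;
    else                   bits = mode & 7;
    return (bits & 6) == 6; /* need both read and write */
}

/* Constructed samples: a full root capability set, and a uid-0 process
   left with only CAP_SYS_ADMIN (bit 21). */
static const char *FULL_ROOT = "Uid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n";
static const char *REDUCED_ROOT = "Uid:\t0\t0\t0\t0\nCapEff:\t0000000000200000\n";

/* Would a uid-0 process with this status open a crw------- tty that is
   owned by uid 1000, group 5 (assumed values)? 1 = yes, 0 = EACCES. */
static int root_can_open_tty(const char *status) {
    uint64_t capeff;
    if (parse_capeff(status, &capeff) != 0) return -1;
    return may_open_rw(0, 0, capeff, 1000, 5, 0600);
}

int main(void) {
    printf("full root set:    %d\n", root_can_open_tty(FULL_ROOT));
    printf("reduced root set: %d\n", root_can_open_tty(REDUCED_ROOT));
    return 0;
}
```

On a live system the same comparison can be made by reading the CapEff line of the running process from /proc/<pid>/status.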

