Keyboard programming needs root

Keyboard programming needs root

[Daniel Mantione]

Hello,

A while back a patch was merged to make that only root can program the
keyboard:

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0b360adbdb54d5b98b78d57ba0916bc4b8871968

Is this patch discussable? I think this patch isn't proper because of the
following reasons:

* Users can play games in many ways. They can configure the terminal
  settings, (remove the automatic line feed, disable the echo etc). They can
  load console fonts. They can still put the keyboard in raw mode, etc.
* All of these games can be prevented by making mingetty (or whatever getty
  is used) or PAM can put the console into a known state after logout.
* All of these games are annoyances, system security is not compromised.
* I do not see a problem with for example a French user doing a "loadkeys
  fr" if that allows hims to use the computer easier.

Worst issue for me though, is that KDSBENT is needed to be able to catch
keys like shift+tab, alt+fx, escape without delay. My application suddenly
needs root permissions to work properly. The alternative, semi raw mode,
has the disadvantage that you need to implement your own keymaps (like X).
In short, this change breaks applications.

Daniël Mantione

Re: Keyboard programming needs root

[Dmitry Torokhov]

Hi Daniel,

On 7/14/07, Daniel Mantione <daniel.mantione@freepascal.org> wrote:
> Hello,
>
> A while back a patch was merged to make that only root can program the
> keyboard:
>
> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0b360adbdb54d5b98b78d57ba0916bc4b8871968
>
> Is this patch discussable? I think this patch isn't proper because of the
> following reasons:
>
> * Users can play games in many ways. They can configure the terminal
>  settings, (remove the automatic line feed, disable the echo etc). They can
>  load console fonts. They can still put the keyboard in raw mode, etc.

Keyboard raw mode or disabling line echo may be annoying but you
really don't want someone leaving box after binding "rm -rf /" to a
backspace key...

> * All of these games can be prevented by making mingetty (or whatever getty
>  is used) or PAM can put the console into a known state after logout.
> * All of these games are annoyances, system security is not compromised.
> * I do not see a problem with for example a French user doing a "loadkeys
>  fr" if that allows hims to use the computer easier.
>
> Worst issue for me though, is that KDSBENT is needed to be able to catch
> keys like shift+tab, alt+fx, escape without delay. My application suddenly
> needs root permissions to work properly.

Yes, if your application mucks with the console it has to be trusted...

> The alternative, semi raw mode,
> has the disadvantage that you need to implement your own keymaps (like X).
> In short, this change breaks applications.
>

You may also try reading data directly from evdev devices... They are
normally privileged as well but usually user logged on console is
given access to them.

-- 
Dmitry

Re: Keyboard programming needs root

[Daniël Mantione]

[-- Attachment #1: Type: TEXT/PLAIN, Size: 3508 bytes --]



Op Thu, 19 Jul 2007, schreef Dmitry Torokhov:

> Hi Daniel,
> 
> On 7/14/07, Daniel Mantione <daniel.mantione@freepascal.org> wrote:
> > Hello,
> > 
> > A while back a patch was merged to make that only root can program the
> > keyboard:
> > 
> > http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0b360adbdb54d5b98b78d57ba0916bc4b8871968
> > 
> > Is this patch discussable? I think this patch isn't proper because of the
> > following reasons:
> > 
> > * Users can play games in many ways. They can configure the terminal
> > settings, (remove the automatic line feed, disable the echo etc). They
> > can
> > load console fonts. They can still put the keyboard in raw mode, etc.
> 
> Keyboard raw mode or disabling line echo may be annoying but you
> really don't want someone leaving box after binding "rm -rf /" to a
> backspace key...

As I said, the proper solution to this problem is to restore the keyboard 
in a known state after logout. There is no need for the kernel to change 
behaviour. Many operating systems allow changing keyboard layout and can 
because there is no need for it to be insecure.

However, I can agree that in some cases, as per system policy, 
administrators mays want to prevent this.

> > * All of these games can be prevented by making mingetty (or whatever 
> >   getty is used) or PAM can put the console into a known state after 
> >   logout.
> > * All of these games are annoyances, system security is not 
> >   compromised.
> > * I do not see a problem with for example a French user doing a "loadkeys
> > fr" if that allows hims to use the computer easier.
> > 
> > Worst issue for me though, is that KDSBENT is needed to be able to catch
> > keys like shift+tab, alt+fx, escape without delay. My application
> > suddenly
> > needs root permissions to work properly.
> 
> Yes, if your application mucks with the console it has to be trusted...

That is not really constructive: I don't want to muck with the console, I
a working keyboard. Linux just just requires you to muck with the console if 
you want a working keyboard. Many applications, Midnight Commander to name 
one, work around Linux console limitations (try ctrl+arrows, 
works as expected despite not supported by Linux).

Now if you force applications to work around limitations, you have a 
certain responsibility not to break them.

> > The alternative, semi raw mode,
> > has the disadvantage that you need to implement your own keymaps (like
> > X).
> > In short, this change breaks applications.
> > 
> 
> You may also try reading data directly from evdev devices... They are
> normally privileged as well but usually user logged on console is
> given access to them.

evdev has the same problem as medium/full raw mode: You need your own 
keyboard maps. This makes this solution not very practical.

To make this discussion productive, I want to work towards a solution. I 
don't mind how I can make the keyboard work as it should, I just want it 
work. Think of the needs of a user interface, you walk through controls 
using tab and shift+tab, put common commands under the function keys and 
shift/control/alt combinations. Cursor control in an editor is done with 
the navigation pad on your keyboard: arrows, home/end/pgup/pgdown, plus 
shift/control/alt combinations with them.

That is all, nothing fancy. Could the kernel support a way to do this?

Greetings,

Daniël Mantione

Re: Keyboard programming needs root

[Bodo Eggert]

Daniël Mantione <daniel.mantione@freepascal.org> wrote:
> Op Thu, 19 Jul 2007, schreef Dmitry Torokhov:
>> On 7/14/07, Daniel Mantione <daniel.mantione@freepascal.org> wrote:

> To make this discussion productive, I want to work towards a solution. I
> don't mind how I can make the keyboard work as it should, I just want it
> work. Think of the needs of a user interface, you walk through controls
> using tab and shift+tab, put common commands under the function keys and
> shift/control/alt combinations. Cursor control in an editor is done with
> the navigation pad on your keyboard: arrows, home/end/pgup/pgdown, plus
> shift/control/alt combinations with them.
> 
> That is all, nothing fancy. Could the kernel support a way to do this?

It could, but nobody had the idea of combining a cooked mode and a raw mode
like DOS provides. OK, DOS did not do a good job, you had to peek the shift
status separately, but you had the assigned character as well as the
(translated) scancode. IIRC, X11 does the same, but with the scancodes
(and the mouse coordinates?) included.
-- 
Friß, Spammer: B@tbHa.h.7eggert.dyndns.org 5ioqqxl@4plP5E.7eggert.dyndns.org
 cu@2u3v.7eggert.dyndns.org gimFCtq@txxzDA.7eggert.dyndns.org

Re: Keyboard programming needs root

[Daniël Mantione]

[-- Attachment #1: Type: TEXT/PLAIN, Size: 1260 bytes --]



Op Thu, 19 Jul 2007, schreef Bodo Eggert:

> Daniël Mantione <daniel.mantione@freepascal.org> wrote:
> > Op Thu, 19 Jul 2007, schreef Dmitry Torokhov:
> >> On 7/14/07, Daniel Mantione <daniel.mantione@freepascal.org> wrote:
> 
> > To make this discussion productive, I want to work towards a solution. I
> > don't mind how I can make the keyboard work as it should, I just want it
> > work. Think of the needs of a user interface, you walk through controls
> > using tab and shift+tab, put common commands under the function keys and
> > shift/control/alt combinations. Cursor control in an editor is done with
> > the navigation pad on your keyboard: arrows, home/end/pgup/pgdown, plus
> > shift/control/alt combinations with them.
> > 
> > That is all, nothing fancy. Could the kernel support a way to do this?
> 
> It could, but nobody had the idea of combining a cooked mode and a raw mode
> like DOS provides. OK, DOS did not do a good job, you had to peek the shift
> status separately, but you had the assigned character as well as the
> (translated) scancode. IIRC, X11 does the same, but with the scancodes
> (and the mouse coordinates?) included.

Well, let's go for it then. Where to start?

Greetings,

Daniël Mantione

Re: Keyboard programming needs root

[Helge Hafting]

Daniël Mantione wrote:
> Op Thu, 19 Jul 2007, schreef Dmitry Torokhov:
>
>   
>> Hi Daniel,
>>
>> On 7/14/07, Daniel Mantione <daniel.mantione@freepascal.org> wrote:
>>     
>>> Hello,
>>>
>>> A while back a patch was merged to make that only root can program the
>>> keyboard:
>>>
>>> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0b360adbdb54d5b98b78d57ba0916bc4b8871968
>>>
>>> Is this patch discussable? I think this patch isn't proper because of the
>>> following reasons:
>>>
>>> * Users can play games in many ways. They can configure the terminal
>>> settings, (remove the automatic line feed, disable the echo etc). They
>>> can
>>> load console fonts. They can still put the keyboard in raw mode, etc.
>>>       
>> Keyboard raw mode or disabling line echo may be annoying but you
>> really don't want someone leaving box after binding "rm -rf /" to a
>> backspace key...
>>     
>
> As I said, the proper solution to this problem is to restore the keyboard 
> in a known state after logout. There is no need for the kernel to change 
> behaviour. Many operating systems allow changing keyboard layout and can 
> because there is no need for it to be insecure.
>
> However, I can agree that in some cases, as per system policy, 
> administrators mays want to prevent this.
>
>   
>>> * All of these games can be prevented by making mingetty (or whatever 
>>>   getty is used) or PAM can put the console into a known state after 
>>>   logout.
>>> * All of these games are annoyances, system security is not 
>>>   compromised.
>>> * I do not see a problem with for example a French user doing a "loadkeys
>>> fr" if that allows hims to use the computer easier.
>>>
>>> Worst issue for me though, is that KDSBENT is needed to be able to catch
>>> keys like shift+tab, alt+fx, escape without delay. My application
>>> suddenly
>>> needs root permissions to work properly.
>>>       
>> Yes, if your application mucks with the console it has to be trusted...
>>     
>
> That is not really constructive: I don't want to muck with the console, I
> a working keyboard. Linux just just requires you to muck with the console if 
> you want a working keyboard. Many applications, Midnight Commander to name 
> one, work around Linux console limitations (try ctrl+arrows, 
> works as expected despite not supported by Linux).
>
> Now if you force applications to work around limitations, you have a 
> certain responsibility not to break them.
>
>   
>>> The alternative, semi raw mode,
>>> has the disadvantage that you need to implement your own keymaps (like
>>> X).
>>> In short, this change breaks applications.
>>>
>>>       
>> You may also try reading data directly from evdev devices... They are
>> normally privileged as well but usually user logged on console is
>> given access to them.
>>     
>
> evdev has the same problem as medium/full raw mode: You need your own 
> keyboard maps. This makes this solution not very practical.
>
> To make this discussion productive, I want to work towards a solution. I 
> don't mind how I can make the keyboard work as it should, I just want it 
> work. Think of the needs of a user interface, you walk through controls 
> using tab and shift+tab, put common commands under the function keys and 
> shift/control/alt combinations. Cursor control in an editor is done with 
> the navigation pad on your keyboard: arrows, home/end/pgup/pgdown, plus 
> shift/control/alt combinations with them.
>
> That is all, nothing fancy. Could the kernel support a way to do this?
>   
The normal way is to set permissions on the device in
question - give either root only or the logged-in user
write access as needed.

It seems to me that "loadkeys" uses /dev/tty / /dev/tty0
So set permissions on that as needed.

Helge Hafting

Re: Keyboard programming needs root

[Daniël Mantione]

[-- Attachment #1: Type: TEXT/PLAIN, Size: 748 bytes --]



Op Tue, 24 Jul 2007, schreef Helge Hafting:

> The normal way is to set permissions on the device in
> question - give either root only or the logged-in user
> write access as needed.
> 
> It seems to me that "loadkeys" uses /dev/tty / /dev/tty0
> So set permissions on that as needed.

This won't work. Under the old behaviour, if you were owner of the tty, 
you were boss of its keymap. Code was added that checks for explicit root 
permissions (actually CAP_SYS_TTY_CONFIG, but this is root in practise), 
so, currently, nothing regarding permissions works.

I agree, that setting a permission would be ideal, this way the sysadmin 
can enforce his prefered policy, rather than having it hardwired into the 
kernel.

Daniël