Bug 1226680
Summary: | fbterm-udevrules allows public access to frame buffer devices | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Zbigniew Jędrzejewski-Szmek <zbyszek> |
Component: | fbterm | Assignee: | Luis Bazan <bazanluis20> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 23 | CC: | bazanluis20, i18n-bugs, tfujiwar, zbyszek |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | fbterm-1.7-10.fc25 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2016-11-19 21:16:15 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1226704 |
Description
Zbigniew Jędrzejewski-Szmek
2015-05-31 18:10:17 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 23 development cycle. Changing version to '23'. (As we did not run this process for some time, it could affect also pre-Fedora 23 development cycle bugs. We are very sorry. It will help us with cleanup during Fedora 23 End Of Life. Thank you.) More information and reason for this action is here: https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora23 I think the purpose is to provide any users who runs fbterm with the permission of the frame buffer in console login. Do you have any ideas to fix it? If the udev rule could be applied to the specific command, it might be nice. uaccess tag seems to be the right solution. I filed https://github.com/systemd/systemd/pull/2858 upstream. Thank you for the patch. systemd patch has been released in systemd 230. I tried systemd-231-10. It seems the patch is not available and 99-fbterm.rules is still needed. % cat /usr/lib/udev/rules.d/70-uaccess.rules | grep -i fb % rpm -qf /usr/lib/udev/rules.d/70-uaccess.rules systemd-udev-231-10.fc25.x86_64 That patch was reversed (https://github.com/systemd/systemd/commit/e77813ca9f), see the commit for the reasons. My original comment still stands, I believe 'video' group is the only non-insecure option at this point. I wish if a child process could be launched from console login prompt. E.g. When users log from GDM, Xorg with root privilege and a user session with user privilege are launched. fbterm-1.7-10.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2016-04399cfcdc fbterm-1.7-10.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-04399cfcdc fbterm-1.7-10.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report. |