Debian Bug report logs - #522453
non-root users cannot access the console from X

version graph

Package: kbd; Maintainer for kbd is Console utilities maintainers <pkg-kbd-devel@lists.alioth.debian.org>; Source for kbd is src:kbd (PTS, buildd, popcon).

Reported by: mauro.sacchetto@gmail.com

Date: Fri, 3 Apr 2009 20:54:01 UTC

Severity: normal

Tags: wontfix

Merged with 557171

Found in versions kbd/1.15-1, kbd/1.15-4

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, Console utilities maintainers <pkg-kbd-devel@lists.alioth.debian.org>:
Bug#522453; Package kbd. (Fri, 03 Apr 2009 20:54:03 GMT) (full text, mbox, link).

Acknowledgement sent to mauro.sacchetto@gmail.com:
New Bug report received and forwarded. Copy sent to Console utilities maintainers <pkg-kbd-devel@lists.alioth.debian.org>. (Fri, 03 Apr 2009 20:54:03 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Mauro Sacchetto <mauro.sacchetto@alice.it>
To: submit@bugs.debian.org
Subject: fgconsole doesn't work as user
Date: Fri, 3 Apr 2009 22:51:11 +0200
Package: kbd
Version: 1.15-1

When I enter in a console, fgconsole works always fine.
If I launch after the X-server, fgconsole works again.
But if I enter with automatic login in X-server as simple user
(I use KDE), fgconsole does work no more:
======================================================
samiel@debian:~$ fgconsole
Couldnt get a file descriptor referring to the console
======================================================
for all /dev/tty are root's ownership.
So it works fine only for root.

Using Debian Testing with precompiled kernel or the last release,
compiled by myslef

MS


-- 
linux user no.: 353546

Information forwarded to debian-bugs-dist@lists.debian.org, Console utilities maintainers <pkg-kbd-devel@lists.alioth.debian.org>:
Bug#522453; Package kbd. (Sun, 05 Apr 2009 08:45:02 GMT) (full text, mbox, link).

Acknowledgement sent to Michael Schutte <michi@uiae.at>:
Extra info received and forwarded to list. Copy sent to Console utilities maintainers <pkg-kbd-devel@lists.alioth.debian.org>. (Sun, 05 Apr 2009 08:45:02 GMT) (full text, mbox, link).

Message #10 received at 522453@bugs.debian.org (full text, mbox, reply):

From: Michael Schutte <michi@uiae.at>
To: mauro.sacchetto@gmail.com, 522453@bugs.debian.org
Subject: Re: Bug#522453: fgconsole doesn't work as user
Date: Sun, 5 Apr 2009 10:41:46 +0200
[Message part 1 (text/plain, inline)]
retitle 522453 non-root users cannot access the console from X
tags 522453 + wontfix
thanks

Hi Mauro,

Thanks for your report.

On Fri, Apr 03, 2009 at 10:51:11PM +0200, Mauro Sacchetto wrote:
> When I enter in a console, fgconsole works always fine.
> If I launch after the X-server, fgconsole works again.
> But if I enter with automatic login in X-server as simple user
> (I use KDE), fgconsole does work no more:
> ======================================================
> samiel@debian:~$ fgconsole
> Couldnt get a file descriptor referring to the console
> ======================================================
> for all /dev/tty are root's ownership.
> So it works fine only for root.

This is true.  It doesn’t only affect fgconsole, but also chvt, openvt
and any other kbd utility which tries to get a console file descriptor.
These programs do their job by trying to open/ioctl these files (in this
order):

	/proc/self/fd/0		(is a pseudo tty in your case)
	/dev/tty		(also PTY)
	/dev/tty0		(only accessible to root)
	/dev/vc/0		(doesn’t exist nowadays)
	/dev/console		(root)
	std{in,out,err}		(PTY)

As none of these is able to respond to a VT_GETSTATE ioctl, fgconsole
and friends fail.  I’m afraid this situation won’t change.

Have a look at sudo if you need unprivileged users to run these
utilities in a secure manner.

All the best,
-- 
Michael Schutte <michi@uiae.at>

[signature.asc (application/pgp-signature, inline)]

Changed Bug title to `non-root users cannot access the console from X' from `fgconsole doesn't work as user'. Request was from Michael Schutte <michi@uiae.at> to control@bugs.debian.org. (Sun, 05 Apr 2009 08:45:05 GMT) (full text, mbox, link).

Tags added: wontfix Request was from Michael Schutte <michi@uiae.at> to control@bugs.debian.org. (Sun, 05 Apr 2009 08:45:06 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, Console utilities maintainers <pkg-kbd-devel@lists.alioth.debian.org>:
Bug#522453; Package kbd. (Sun, 05 Apr 2009 12:06:02 GMT) (full text, mbox, link).

Acknowledgement sent to mauro.sacchetto@gmail.com:
Extra info received and forwarded to list. Copy sent to Console utilities maintainers <pkg-kbd-devel@lists.alioth.debian.org>. (Sun, 05 Apr 2009 12:06:02 GMT) (full text, mbox, link).

Message #19 received at 522453@bugs.debian.org (full text, mbox, reply):

From: Mauro Sacchetto <mauro.sacchetto@alice.it>
To: 522453@bugs.debian.org
Cc: Michael Schutte <michi@uiae.at>
Subject: Re: Bug#522453: fgconsole doesn't work as user
Date: Sun, 5 Apr 2009 14:03:00 +0200
Il domenica 5 aprile 2009 10:41:46 Michael Schutte ha scritto:
> This is true.  It doesn’t only affect fgconsole, but also chvt, openvt
> and any other kbd utility which tries to get a console file descriptor.
[cut]
> As none of these is able to respond to a VT_GETSTATE ioctl, fgconsole
> and friends fail.  I’m afraid this situation won’t change.
Fgconsole fails in Slackware too, if I set
the automatic access in X.
So there is no real solution, if I don't use sudo?


Thanx!
Mauro



-- 
linux user no.: 353546

Information forwarded to debian-bugs-dist@lists.debian.org, Console utilities maintainers <pkg-kbd-devel@lists.alioth.debian.org>:
Bug#522453; Package kbd. (Sun, 05 Apr 2009 18:42:02 GMT) (full text, mbox, link).

Acknowledgement sent to Michael Schutte <michi@uiae.at>:
Extra info received and forwarded to list. Copy sent to Console utilities maintainers <pkg-kbd-devel@lists.alioth.debian.org>. (Sun, 05 Apr 2009 18:42:02 GMT) (full text, mbox, link).

Message #24 received at 522453@bugs.debian.org (full text, mbox, reply):

From: Michael Schutte <michi@uiae.at>
To: mauro.sacchetto@gmail.com
Cc: 522453@bugs.debian.org
Subject: Re: Bug#522453: fgconsole doesn't work as user
Date: Sun, 5 Apr 2009 20:39:10 +0200
[Message part 1 (text/plain, inline)]
On Sun, Apr 05, 2009 at 02:03:00PM +0200, Mauro Sacchetto wrote:
> Il domenica 5 aprile 2009 10:41:46 Michael Schutte ha scritto:
> > This is true.  It doesn’t only affect fgconsole, but also chvt, openvt
> > and any other kbd utility which tries to get a console file descriptor.
> [cut]
> > As none of these is able to respond to a VT_GETSTATE ioctl, fgconsole
> > and friends fail.  I’m afraid this situation won’t change.
> Fgconsole fails in Slackware too, if I set
> the automatic access in X.

I may be misunderstanding you here: fgconsole should always fail when
run from a virtual terminal under X, regardless of automatic or manual
login.

> So there is no real solution, if I don't use sudo?

You cannot change the permissions of /dev/tty0 or /dev/console without
opening a giant security hole.  Setting the desired programs suid is an
option, but I’d stay away from it.  sudo is much safer and can be
controlled in more detail (see sudoers(5)).

Cheers,
-- 
Michael Schutte <michi@uiae.at>

[signature.asc (application/pgp-signature, inline)]

Forcibly Merged 522453 557171. Request was from Michael Schutte <michi@uiae.at> to control@bugs.debian.org. (Tue, 24 Nov 2009 20:06:09 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jan 3 17:08:35 2018; Machine Name: beach

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.