retitle 196372 xserver-common: improve documentation of allowed_users severity 196372 minor tag 196372 - wontfix thanks
On Tue, Jun 10, 2003 at 01:39:33AM -0000, Sean Champ wrote:
> On Mon, 9 Jun 2003 12:01:22 -0500, Branden Robinson <[EMAIL PROTECTED]>, [EMAIL
> PROTECTED] wrote:
> >I am probably not going to act on your implicit request (to trash the
> >allowed_users variable and functionality).
> >
> >The reason is that, as documented in Xwrapper.config(5), "allowed_users"
> >doesn't have to do with the invoking user's identity, but rather whether
> >or not the user has control of a virtual console device.
>
> Well, thanks; i get the /intent/ of it, now.
>
> However, when the variable is set to "rootonly", the /effect/ is one
> that is based entirely on the user's identity.
Well, yeah, that's the intent. If allowed_users is "rootonly", only
root can start the X server.
Here's the C code that enforces the restrictions:
static int
checkSecLevel(SecurityLevel level)
{
struct stat s;
switch (level) {
case RootOnly:
if (getuid() == 0) { /* real uid is root */
return TRUE;
} else {
return FALSE;
}
break;
case Console:
if (getuid() == 0) return TRUE; /* root */
/* see if stdin is a virtual console device */
if (fstat(0, &s) != 0) {
(void) fprintf(stderr,"X: cannot stat stdin\n");
return FALSE;
}
if (S_ISCHR(s.st_mode) &&
((s.st_rdev >> 8) & 0xff) == VT_MAJOR_DEV &&
(s.st_rdev & 0xff) < 64) {
return TRUE;
}
break;
case Anybody:
return TRUE;
}
return FALSE;
}
I do not think we are completely understanding each other. Did you
misunderstand the meaning of the allowed_users variable, or did you
understand it but simply want it to work differently?
(Perhaps "allowed_users" should be renamed to "access_policy".)
--
G. Branden Robinson | Imagination was given man to
Debian GNU/Linux | compensate for what he is not, and
[EMAIL PROTECTED] | a sense of humor to console him for
http://people.debian.org/~branden/ | what he is.
pgp00000.pgp
Description: PGP signature
