Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#3668 - /dev/input/event* is accessible only to root
Attached to Project:
Arch Linux
Opened by name withheld (Gullible Jones) - Tuesday, 27 December 2005, 04:36 GMT
Last edited by Jan de Groot (JGC) - Sunday, 01 January 2006, 11:05 GMT
Opened by name withheld (Gullible Jones) - Tuesday, 27 December 2005, 04:36 GMT
Last edited by Jan de Groot (JGC) - Sunday, 01 January 2006, 11:05 GMT
|
DetailsAs far as I know, there is no security gained by making /dev/input/event* only accessible to root, as is the case with the Testing version of udev. On the other hand, those devices being inaccessible can cause Xorg to lock up if you're trying to use evdev, which is very annoying. It seems to me that it would be a good idea to make them readable by users by default in order to prevent some nuisances.
|
This task depends upon
Closed by Tobias Powalowski (tpowa)
Tuesday, 31 January 2006, 14:37 GMT
Reason for closing: Not a bug
Tuesday, 31 January 2006, 14:37 GMT
Reason for closing: Not a bug
Comment by Jan de Groot (JGC) -
Tuesday, 27 December 2005, 09:35 GMT
Since xorg is a setuid binary, this shouldn't matter that much. But since /dev/input/mice is 644 also, I think we should have the evdev devices the same way.
Comment by name withheld (Gullible Jones) -
Tuesday, 27 December 2005, 18:01 GMT
Wait a minute, if /dev/input/event* is readable by root only, and xorg is setuid so it can read it, doesn't that mean that xorg is setuid to root? Wouldn't that constitute a big fat security hole?
Comment by Jan de Groot (JGC) -
Tuesday, 27 December 2005, 18:12 GMT
X has always been setuid root. It starts as root and launches everything else as user that started it. How would you like to do direct access to things like MTRR, AGP as normal user?
Comment by name withheld (Gullible Jones) -
Tuesday, 27 December 2005, 23:54 GMT
And that doesn't open up massive security holes?