daily pastebin goal
5%
SHARE
TWEET

AJ

a guest Jan 15th, 2012 21 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. Source: 'man beep'
  2. ==================
  3.  
  4. IOCTL WACKINESS
  5.        Some  users  will encounter a situation where beep dies with a complaint from ioctl().  The reason for this, as Peter Tirsek was nice
  6.        enough to point out to me, stems from how the kernel handles beep's attempt to poke at (for  non-programmers:  ioctl  is  a  sort  of
  7.        catch-all  function  that  lets you poke at things that have no other predefined poking-at mechanism) the tty, which is how it beeps.
  8.        The short story is, the kernel checks that either:
  9.  
  10.        - you are the superuser
  11.  
  12.        - you own the current tty
  13.  
  14.        What this means is that root can always make beep work (to the best of my knowledge!), and that any local user can  make  beep  work,
  15.        BUT  a  non-root remote user cannot use beep in it's natural state.  What's worse, an xterm, or other x-session counts, as far as the
  16.        kernel is concerned, as 'remote', so beep won't work from a non-privileged xterm either.  I had originally chalked this up to a  bug,
  17.        but  there's actually nothing I can do about it, and it really is a Good Thing that the kernel does things this way.  There is also a
  18.        solution.
  19.  
  20.        By default beep is not installed with the suid bit set, because that would just be zany.  On the other hand, if you do make  it  suid
  21.        root, all your problems with beep bailing on ioctl calls will magically vanish, which is pleasant, and the only reason not to is that
  22.        any suid program is a potential security hole.  Conveniently, beep is very short, so auditing it is pretty straightforward.
  23.  
  24.        Decide for yourself, of course, but it looks safe to me - there's only one buffer and fgets doesn't let it overflow, there's only one
  25.        file  opening,  and  while  there  is  a potential race condition there, it's with /dev/console.  If someone can exploit this race by
  26.        replacing /dev/console, you've got bigger problems.  :)
  27.  
  28.        So the quick, only, and likely safe solution if beep is not beeping when you want it to is (as root):
  29.  
  30.        # chmod 4755 /usr/bin/beep
  31.  
  32.        (or wherever you put it)
  33.  
  34.        The one snag is that this will give any little nitwit the ability to run beep successfully - make sure this is what you want.  If  it
  35.        isn't, a slightly more complex fix would be something like:
  36.  
  37.        # chgrp beep /usr/bin/beep
  38.  
  39.        # chmod 4750 /usr/bin/beep
  40.  
  41.        and then add only beep-worthy users to the 'beep' group.
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top