API tools faq
paste
Advertisement
Guest User

AJ

a guest
Jan 15th, 2012
45
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.45 KB | None | 0 0
raw download clone embed print report
  1. Source: 'man beep'
  2. ==================
  3.  
  4. IOCTL WACKINESS
  5. Some users will encounter a situation where beep dies with a complaint from ioctl(). The reason for this, as Peter Tirsek was nice
  6. enough to point out to me, stems from how the kernel handles beep's attempt to poke at (for non-programmers: ioctl is a sort of
  7. catch-all function that lets you poke at things that have no other predefined poking-at mechanism) the tty, which is how it beeps.
  8. The short story is, the kernel checks that either:
  9.  
  10. - you are the superuser
  11.  
  12. - you own the current tty
  13.  
  14. What this means is that root can always make beep work (to the best of my knowledge!), and that any local user can make beep work,
  15. BUT a non-root remote user cannot use beep in it's natural state. What's worse, an xterm, or other x-session counts, as far as the
  16. kernel is concerned, as 'remote', so beep won't work from a non-privileged xterm either. I had originally chalked this up to a bug,
  17. but there's actually nothing I can do about it, and it really is a Good Thing that the kernel does things this way. There is also a
  18. solution.
  19.  
  20. By default beep is not installed with the suid bit set, because that would just be zany. On the other hand, if you do make it suid
  21. root, all your problems with beep bailing on ioctl calls will magically vanish, which is pleasant, and the only reason not to is that
  22. any suid program is a potential security hole. Conveniently, beep is very short, so auditing it is pretty straightforward.
  23.  
  24. Decide for yourself, of course, but it looks safe to me - there's only one buffer and fgets doesn't let it overflow, there's only one
  25. file opening, and while there is a potential race condition there, it's with /dev/console. If someone can exploit this race by
  26. replacing /dev/console, you've got bigger problems. :)
  27.  
  28. So the quick, only, and likely safe solution if beep is not beeping when you want it to is (as root):
  29.  
  30. # chmod 4755 /usr/bin/beep
  31.  
  32. (or wherever you put it)
  33.  
  34. The one snag is that this will give any little nitwit the ability to run beep successfully - make sure this is what you want. If it
  35. isn't, a slightly more complex fix would be something like:
  36.  
  37. # chgrp beep /usr/bin/beep
  38.  
  39. # chmod 4750 /usr/bin/beep
  40.  
  41. and then add only beep-worthy users to the 'beep' group.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!