Re: [E-devel] Suspend functionality for Entrance

Carsten Haitzler (The Rasterman) wrote:
> i agree - it's useful in all places. in reality - most suspend systems
> use a
> script or command to initiate the suspend. the ONLY thing we need to do, is
> execute this script/command as root. i don't think we need an api - but what we
> DO need is to have a standard way to find what the name of this script is.
> in unix "shutdown -h now" and "shutdown -r now" or "halt" or "reboot" are
> standard commands we can just blindly execute. we need to have people to
> research and share their findings on all the ways there are to:
> suspend to ram
> suspend to disk
> i don't think this should go into ecore - it means shipping suid root binary
> tools in a shared lib to do this. i would leave it up to entrance (it is
> already root) to choose if it allows a user to do this (config options for
> security) and then do it - for e, it actually wouldn't be useful as a module -
> it would be core code - using a suid root binary util to do the footwork. e
> also needs to wrap shutdown and reboot too this way and it actually is a todo
> item.
> the problem now comes - how are we going to solve the security issue. having
> this binary around at all means any user on the system can halt, reboot,
> suspend etc. it (in fact they can already be a little evil and speedstep the
> cpu up and down without needing root - cpufreq comes with a util bin to do
> this). basically we need to know that the user is ACTUALLY logged into the
> console (not remotely via ssh)
> i.e.
> [  6:43AM ~ ] who
> raster   pts/0        2006-08-25 06:24 (:0.0)
> raster   pts/1        2006-08-25 06:27 (:0.0)
> raster   pts/2        2006-08-25 06:43 (:0.0)
> bob      pts/3        2006-08-25 06:43 (localhost.localdomain)
> we can see raster here is logged on at the console (:0.0 or :1.0 or :0.1 etc.)
> but bob is logged in from another system (i ssh'd into myself). we need a good
> way to check that the uid who is spawning the suid root util is logged in on
> the console - otherwise deny access.
> we could execute "who" and parse the output - is this acceptable? is who as
> universal as i think? who itself opens /var/run/utmp (or /var/run/utmpx) and
> parses it itself. doing it ourselves may be a little faster and more efficient,
> but we don't need to do this very often (when you change cpufreq governor or
> manually change cpu frequency or you ask to shutdown, reboot or suspend). if we
> don't diy then we need to contend with parsing - if the output differs.
> so a who -m should do:
> raster   pts/0        2006-08-25 06:24 (:0.0)
> (i.e. the current user associated with stdin)
> simply parse that 1 liner - look for the (...something...) and if that starts
> with localhost, :, then we know the user is logged in locally or
> from locally and we can approve the action.
> now - back to if it should be in ecore - no, as entrance doesn't need this
> convoluted check system - just exec a command. only e needs it
How about doing it the unix way and make a user group that is allowed to
halt, reboot and suspend?
The wrapper for the scripts could check for other logged in users to
warn the user about this if he wants to execute one of the above operations.

just my CHF 0.02
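The console check sketched in the quoted message (parse the one `who -m` line, look at the parenthesised host field, approve only if it is a local X display or a localhost name) as an added example in C; this is not code from the thread or from Enlightenment, and the helper names, the exact "local" rule and the sample `who` lines are assumptions constructed here:

```c
#include <stdio.h>
#include <string.h>

/* Is a login "host" field from who(1)/utmp a local session?  Following the
 * quoted message: an empty host (a real tty/console login), an X display such
 * as ":0.0" or ":1.0", or a loopback name such as "localhost" or
 * "localhost.localdomain".  Assumption: anything else (a remote hostname or an
 * IP address) is treated as remote and therefore denied. */
int host_is_local(const char *host)
{
    if (host == NULL || host[0] == '\0') return 1;
    if (host[0] == ':') return 1;
    if (strncmp(host, "localhost", 9) == 0 &&
        (host[9] == '\0' || host[9] == '.')) return 1;
    return 0;
}

/* Parse one line of "who" output, e.g.
 *   "raster   pts/0        2006-08-25 06:24 (:0.0)"
 * into the user name and the parenthesised host (empty if absent).
 * Returns 1 on success, 0 if the line is not in the expected shape. */
int parse_who_line(const char *line, char *user, size_t usz, char *host, size_t hsz)
{
    const char *open, *close;
    size_t n = strcspn(line, " \t");       /* first field is the user name */
    if (n == 0 || n >= usz) return 0;
    memcpy(user, line, n); user[n] = '\0';
    host[0] = '\0';
    open = strrchr(line, '(');
    if (open == NULL) return 1;            /* no host field: console tty */
    close = strchr(open, ')');
    if (close == NULL) return 0;
    n = (size_t)(close - open - 1);
    if (n >= hsz) return 0;
    memcpy(host, open + 1, n); host[n] = '\0';
    return 1;
}

/* The gate a suid helper would apply before halting/rebooting/suspending:
 * the who line must belong to the requesting user AND be a local session. */
int session_allows_action(const char *who_line, const char *requesting_user)
{
    char user[64], host[256];
    if (!parse_who_line(who_line, user, sizeof user, host, sizeof host)) return 0;
    if (strcmp(user, requesting_user) != 0) return 0;  /* someone else's session */
    return host_is_local(host);
}
```

Note that the rule as stated in the thread also accepts bob's ssh-to-self session (host `localhost.localdomain`) and would accept a forwarded X display such as `localhost:10.0`; a stricter deployment could accept only an empty host or a bare X display (`host[0] == ':'`).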