Age | Commit message (Collapse) | Author | |
---|---|---|---|
2016-06-09 | Merge branch 'parabola' into lukeshu/premove | Luke Shumaker | |
# Conflicts: # Makefile.am | |||
2016-06-09 | Merge tag 'v230-3.parabola1' into parabola | Luke Shumaker | |
2016-06-09 | # Rename "Linux Boot Manager" -> "Systemd Boot Manager"systemd/v230-3.parabola1 | Luke Shumaker | |
sed -i 's|Linux Boot Manager|Systemd Boot Manager|' src/boot/bootctl.c | |||
2016-06-09 | FSDG: man/: Use FSDG operating systems as examples. | Luke Shumaker | |
2016-06-09 | FSDG: systemd-resolved: Default to hostname "gnu-linux" instead of "linux" | Luke Shumaker | |
2016-06-09 | FSDG: os-release: Default ID to "gnu-linux" instead of "linux". | Luke Shumaker | |
As far as I can tell, no code in this repository actually uses the ID field, so this is just a man page change. | |||
2016-06-09 | FSDG: os-release: Default to NAME "GNU/Linux" instead of "Linux". | Luke Shumaker | |
2016-06-09 | FSDG: os-release: Default to PRETTY_NAME "GNU/Linux" instead of "Linux". | Luke Shumaker | |
2016-06-09 | FSDG: man/: Refer to the operating system as GNU/Linux. | Luke Shumaker | |
This is not a blind replacement of "Linux" with "GNU/Linux". In some cases, "Linux" is (correctly) used to refer to just the kernel. In others, it is in a string for which code must also be adjusted; these instances are not included in this commit. | |||
2016-06-09 | systemctl: fix return values on successsystemd/v230-3 | Christian Hesse | |
2016-06-09 | {machine,system}ctl: always pass &changes and &n_changes (#3350) | Christian Hesse | |
We have to pass addresses of changes and n_changes to bus_deserialize_and_dump_unit_file_changes(). Otherwise we are hit by missing information (subsequent calls to unit_file_changes_add() to not add anything). Also prevent null pointer dereference in bus_deserialize_and_dump_unit_file_changes() by asserting. Fixes #3339 | |||
2016-06-09 | Revert "rules: allow users to access frame buffer devices" (#3333) | Zbigniew Jędrzejewski-Szmek | |
This reverts commit 483d8bbb4c0190f419bf9fba57fb0feb1a56bea6. In [1] Michel Dänzer and Daniel Vetter wrote: >> The scenario you describe isn't possible if the Wayland compositor >> directly uses the KMS API of /dev/dri/card*, but it may be possible if >> the Wayland compositor uses the fbdev API of /dev/fb* instead (e.g. if >> weston uses its fbdev backend). > > Yeah, if both weston and your screen grabber uses native fbdev API you can > now screenshot your desktop. And since fbdev has no concept of "current > owner of the display hw" like the drm master, I think this is not fixable. > At least not just in userspace. Also even with native KMS compositors > fbdev still doesn't have the concept of ownership, which is why it doesn't > bother clearing it's buffer before KMS takes over. I agree that this > should be reverted or at least hidden better. TBH, I think that privilege separation between processes running under the same UID is tenuous. Even with drm, in common setups any user process can ptrace the "current owner of the display" and call DROP_MASTER or do whatever. It *is* possible to prevent that, e.g. by disabling ptrace using yama.ptrace_scope, or selinux, and so on, but afaik this is not commonly done. E.g. all Fedora systems pull in elfutils-default-yama-scope.rpm through dependencies which sets yama.ptrace_scope=0. And even assuming that ptrace was disabled, it is trivial to modify files on disk, communicate through dbus, etc; there is just to many ways for a non-sandboxed process to interact maliciously with the display shell to close them all off. To achieve real protection, some sort of sandboxing must be implemented, and in that case there is no need to rely on access mode on the device files, since much more stringent measures have to be implemented anyway. The situation is similar for framebuffer devices. It is common to add framebuffer users to video group to allow them unlimited access to /dev/fb*. Using uaccess would be better solution in that case. Also, since there is no "current owner" limitation like in DRM, processes running under the same UID should be able to access /proc/<pid-of-display-server>/fd/* and gain access to the devices. Nevertheless, weston implements a suid wrapper to access the devices and then drop privileges, and this patch would make this daemon pointless. So if the weston developers feel that this change reduces security, I prefer to revert it. [1] https://lists.freedesktop.org/archives/wayland-devel/2016-May/029017.html | |||
2016-06-07 | fewer differences | Luke Shumaker | |
2016-06-07 | oops | Luke Shumaker | |
2016-06-07 | oops | Luke Shumaker | |
2016-06-07 | fewer differences | Luke Shumaker | |
2016-06-07 | s | Luke Shumaker | |
2016-06-07 | m | Luke Shumaker | |
2016-06-07 | no more automake2autothing macro | Luke Shumaker | |
2016-06-07 | local addresses | Luke Shumaker | |
2016-06-07 | fix | Luke Shumaker | |
2016-06-07 | split grp-machine better | Luke Shumaker | |
2016-06-07 | more | Luke Shumaker | |
2016-06-06 | stuff | Luke Shumaker | |
2016-06-06 | move more | Luke Shumaker | |
2016-06-06 | move stuff | Luke Shumaker | |
2016-06-06 | .gitignore | Luke Shumaker | |
2016-06-06 | stuff | Luke Shumaker | |
2016-06-02 | tidy bzip2 variables | Luke Shumaker | |
2016-06-02 | busctl | Luke Shumaker | |
2016-06-02 | stuff in Makefiles | Luke Shumaker | |
2016-06-02 | move libsystemd-journal source files | Luke Shumaker | |
2016-06-01 | more | Luke Shumaker | |
2016-06-01 | more | Luke Shumaker | |
2016-06-01 | more stuff | Luke Shumaker | |
2016-06-01 | default to calling automake2autothing | Luke Shumaker | |
2016-06-01 | stuff | Luke Shumaker | |
2016-06-01 | stuff | Luke Shumaker | |
2016-06-01 | fix? | Luke Shumaker | |
2016-06-01 | oops | Luke Shumaker | |
2016-06-01 | tidy | Luke Shumaker | |
2016-06-01 | More Makefile fixup | Luke Shumaker | |
2016-06-01 | move.sh: fixup makefile target paths | Luke Shumaker | |
2016-06-01 | oops | Luke Shumaker | |
2016-06-01 | tidy scripts | Luke Shumaker | |
2016-06-01 | *.sh: Add boilerplate that I was running as one-liners. | Luke Shumaker | |
2016-06-01 | stuff | Luke Shumaker | |
2016-06-01 | and more | Luke Shumaker | |
2016-06-01 | more stuff | Luke Shumaker | |
2016-06-01 | More stuff | Luke Shumaker | |