joydev devices are world readable

joydev devices are world readable

[Floris]

Hey,

after asking the systemd mailing list [1] I will try this list. Maybe  
someone can help me to solve this issue or point me to someone/ some list.

The short version of the problem:

I have created a multiseat setup with systemd. And used "loginctl attach"  
to attach devices to an other seat. The input from the mouse and keyboard  
are working as expected. They both only work on the seat they are attached  
to. Nevertheless, the joysticks ignore the seat rules and works on every  
seat. So a user from seat0 can interact with seat1. Maybe this is not  
directly a security problem as it is annoying.

Please read the systemd-devel mailing list [1] for more information or ask  
me if you need more information about my system or the problem.

tia,

floris

[1]  
http://lists.freedesktop.org/archives/systemd-devel/2014-May/019551.html

Re: joydev devices are world readable

[David Herrmann]

Hi

On Thu, May 29, 2014 at 10:11 AM, Floris <jkfloris@dds.nl> wrote:
> Hey,
>
> after asking the systemd mailing list [1] I will try this list. Maybe
> someone can help me to solve this issue or point me to someone/ some list.
>
> The short version of the problem:
>
> I have created a multiseat setup with systemd. And used "loginctl attach" to
> attach devices to an other seat. The input from the mouse and keyboard are
> working as expected. They both only work on the seat they are attached to.
> Nevertheless, the joysticks ignore the seat rules and works on every seat.
> So a user from seat0 can interact with seat1. Maybe this is not directly a
> security problem as it is annoying.
>
> Please read the systemd-devel mailing list [1] for more information or ask
> me if you need more information about my system or the problem.

I posted an explanation on systemd-devel [1] this morning. Please note
that this is a policy-issue created in user-space. The kernel-side
cannot help you there. Furthermore, the kernel recommends using evdev
instead of joydev and friends. Therefore, I cannot see what you expect
from us.

If you want to get this solved, simply change the udev rules on your
system to prevent joydev devices from being world-readable.

Thanks
David

[1] http://lists.freedesktop.org/archives/systemd-devel/2014-May/019566.html

Re: joydev devices are world readable

[Floris]

> I posted an explanation on systemd-devel [1] this morning. Please note
> that this is a policy-issue created in user-space. The kernel-side
> cannot help you there. Furthermore, the kernel recommends using evdev
> instead of joydev and friends. Therefore, I cannot see what you expect
> from us.

just curious. If the joydev module is not recommended, why is it still
available and used?

> If you want to get this solved, simply change the udev rules on your
> system to prevent joydev devices from being world-readable.
>
> Thanks
> David

Thank for your explanations. I will try to modify or add udev rules and
see if I can solve this behavior.

Thanks,

floris

Re: joydev devices are world readable

[David Herrmann]

Hi

On Thu, May 29, 2014 at 11:44 AM, Floris <jkfloris@dds.nl> wrote:
>> I posted an explanation on systemd-devel [1] this morning. Please note
>> that this is a policy-issue created in user-space. The kernel-side
>> cannot help you there. Furthermore, the kernel recommends using evdev
>> instead of joydev and friends. Therefore, I cannot see what you expect
>> from us.
>
>
> just curious. If the joydev module is not recommended, why is it still
> available and used?

Linux has strict backwards-compatibility rules. Therefore, we cannot
remove joydev. However, we can decide to mark it obsolete, which means
we will not extend it anymore. Furthermore, we cannot force anyone to
stop using joydev, so we have to continue supporting it.

Thanks
David