[arch-general] Why does a regular user have access to /dev/uinput (and why only temporary)
Damjan Georgievski
gdamjan at gmail.com
Tue Feb 2 18:48:49 UTC 2016
>> $ getfacl /dev/uinput
>> getfacl: Removing leading '/' from absolute path names
>> # file: dev/uinput
>> # owner: root
>> # group: root
>> user::rw-
>> user:manuel:rw- #effective:---
>> group::---
>> mask::---
>> other::---
>>
>> So somehow the permission is still there, but no longer effective???
>>
>> If I switch VT once (and probably switching the active session this way)
>> I have permission again and now my user keeps it.
>>
>> What is causing this ugly behaviour? Why does a user have to have uinput
>> permissions at all? The (possible security) problem with this is, that
>> the driver (may be a simulated keyboard driver) keeps active even if the
>> session changes. So a software, launched in one session, affects another
>> session.
device nodes tagged with 'uaccess' by udev are given to the current
seat user by logind.
see what has TAG+="uaccess" in /usr/lib/udev/rules.d/
--
damjan
More information about the arch-general
mailing list