SUMMARY : /dev/fb permissions

From: Mark Davies (mzd@aeg.dsto.gov.au)
Date: Tue Aug 18 1992 - 18:40:33 CDT


Yesterday I posted the following question -

> I recently had one of our users, using the following script. To my surprise
> I find that /dev/fb is not protected, ie anyone who has access to the machine
> can run this script and monitor the contents of the frame buffer.
> The $64,000 question is - Can the frame buffer be protected ?
>
> It should also be noted that the same thing can be done using pixrect, plus
> lots of other nasty things depending on the users imagination.
>
> #
> if ($1 == '') then
> echo 'usage: spy host'
> exit
> endif
> screendump path/myscreen
> loop:
> rsh $1 screendump path/spyscreen
> screenload path/spyscreen
> set a=($<)
> if ($a != "q") goto loop
> screenload path/myscreen
> /usr/bin/rm path/myscreen
> /usr/bin/rm path/spyscreen

 My thanks for the over whelming immediate reply.
 There were too many replies to list all who responded.
 
 The answer is to setup /etc/fbtab and /etc/svdtab if your using Sunview,
 both of which have man entries.
 
 The following is a typical sample of fbtab I received -
 
#
# @(#)fbtab 1.3 90/01/25 SMI
#
# Copyright (c) 1989 by Sun Microsystems, Inc.
#
# /etc/fbtab -- framebuffer table
#
# Description:
# If the user is logging in on a device specified in the "console" field
# of any entry in this file, the owner/group of the devices listed in the
# "device_list" field will be set to that of the user. Similarly, the mode
# will be set to the mode specified in the "mode" field.
#
# Format:
# console mode device_list
#
# Notes:
# A "device_list" is a colon-separated list of device names.
# A '#' begins a comment and may appear anywhere in an entry.
#
# Example:
# /dev/console 0600 /dev/kbd:/dev/mouse
#
# Uncomment the following entries to enable window system security
/dev/console 0600 /dev/kbd:/dev/mouse
/dev/console 0600 /dev/fb:/dev/bwone0:/dev/bwtwo0
/dev/console 0600 /dev/cgone0:/dev/cgtwo0:/dev/cgthree0:/dev/cgfour0
/dev/console 0600 /dev/cgsix0:/dev/cgeight0:/dev/cgnine0
/dev/console 0600 /dev/gpone0a:/dev/gpone0b:/dev/gpone0c:/dev/gpone0d

A few respondants suggested adding /dev/audio after the mouse.

----------------------------------------------------------------------------
  Mark Davies | E-mail: mzd@aeg.dsto.gov.au
  Aeronautical Research Laboratory | Phone: +61 8 259 6760
  DSTO Salisbury, South Australia | Fax: +61 8 259 5507
----------------------------------------------------------------------------



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:06:48 CDT