Re: [Tails-dev] console-setup in tails

このメッセージを削除

このメッセージに返信
著者: intrigeri
日付:  
To: The Tails public development discussion list
題目: Re: [Tails-dev] console-setup in tails
intrigeri wrote (28 Sep 2011 10:51:08 GMT) :
> Max wrote (18 Sep 2011 11:27:36 GMT) :
>>>> Is there way to spawn some command on particular tty from X?
>>>> Am I doing smth wrong or maybe there's some way to workaround this issue?
>>>
>>> No solution on the top of my head, unfortunately.


>> One possible workaround would be to spit setupcon into .profile in
>> user's directory but this will work only if user have set password
>> (setupcon require sudo).


> Although ugly, passwordless sudo limited to the needed command might
> do the job. A solution in this class would need to be audited a bit,
> though. Which would take as much time as finding a proper solution.


> Speaking of a proper solution, iirc the Squeeze graphical Debian
> Installer is based on XOrg; it probably has a way to solve this
> problem.


I see you went the sudo way. The (minimal) audit that was conducted
before deciding this solution was safe must be documented somewhere.

For this solution to be safe, I think the sudoer credentials should be
limited to the setupcon command, *without* command line arguments, at
least to avoid the use of --force that more or less triggers a DoS.
See the section about Cmnd_List in sudoers(5) for how to implement
this using "" in place of the arguments.

Bye,
--
intrigeri <intrigeri@???>
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
| Every now and then I get a little bit restless
| and I dream of something wild.