'Re: linux svga terminals'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       gnuplot-info-beta
Subject:    Re: linux svga terminals
From:       Ethan Merritt <merritt () u ! washington ! edu>
Date:       2008-02-01 23:59:54
Message-ID: 200802011559.54589.merritt () u ! washington ! edu
[Download RAW message or body]

On Friday 01 February 2008 15:41, Don Taber wrote:
> The linux and vgagl terminals for the Linux console use
> svgalib.  Older versions of svgalib required that binaries
> linked to it be installed suid to access the video hardware.
> Gnuplot will not make the linux terminals available if 
> getuid returns nonzero.
> 
> However, recent versions of svgalib (1.9.x) employ a kernel
> module (svgalib_helper.ko) and binaries linking it do not
> need to be installed suid.  Typical installations will
> create a udev rule like:
> 
> KERNEL=="svga*", NAME="%k", MODE="0660", GROUP="video"
> 
> So to give nonroot users console video access, you just
> create a "video" group and add them to it.

That's interesting. I wouldn't have thought group access
was sufficient.

Be that as it may, the bigger question is "Does it work?"
In 8 years of periodic tries, with a serious effort at the
time of the 4.0 and 4.2 releases, I have never once managed
to build a working version of svgalib support into gnuplot.
It either does nothing useful, locks up the machine, or
scribbles random garbage on the screen.

I would be delighted if you are willing to send me privately
a working linux executable, so I can at least see how it is
_supposed_ to work.

What's your secret recipe?

	Ethan
 
> I have added an additional configuration step when deciding
> to compile in the linux terminal.  If --with-linux-vga is
> requested and the library successfully found, I then
> check for the availability of the kernel module.  If that
> test is successfull, I define an additional symbol to be
> inserted in config.h, SVGALIB_HELPER.  When is defined
> code related to checking euid and toggling root
> privileges is not compiled.
> 
> I am no kind of autoconf guru, but I think I did it right.
> I patched configure.in and config.hin.  It works fine
> for me with a 2.6 kernel and svgalib 1.9.25, and I don't
> think it will break anything.  But someone with
> genuine (TM) autoconf knowledge should check it.
> 
> Patch against recent CVS follows.
> 
> Don Taber
> -----------------------------------------------------------
> 
> 
> diff -ru gnuplot.orig/config.hin gnuplot/config.hin
> --- gnuplot.orig/config.hin	2008-02-01 12:42:11.000000000 -0800
> +++ gnuplot/config.hin	2008-02-01 12:39:23.000000000 -0800
> @@ -395,6 +395,9 @@
> /* Define if this is a Linux system with SuperVGA library. */
> #undef LINUXVGA
> 
> +/* Define if svgalib uses svgalib_helper kernel module. */
> +#undef SVGALIB_HELPER
> +
> /* Define if you want to use the MGR Window system. */
> #undef MGR
> 
> diff -ru gnuplot.orig/configure.in gnuplot/configure.in
> --- gnuplot.orig/configure.in	2008-02-01 12:44:55.000000000 -0800
> +++ gnuplot/configure.in	2008-02-01 12:39:18.000000000 -0800
> @@ -228,6 +228,11 @@
> LINUXSUID='chown root $(bindir)/gnuplot; chmod u+s $(bindir)/gnuplot'
> TERMLIBS="-lvga $TERMLIBS"],
> with_linux_vga=no)
> +  if modprobe -n svgalib_helper ; then
> +     with_svgalib_helper=yes
> +     AC_DEFINE(SVGALIB_HELPER,1,
> +               [ Define if svgalib uses svgalib_helper kernel module. ])
> +  fi
> fi
> 
> dnl TODO: simplify, get rid of GGI_SUPPORT
> @@ -1143,7 +1148,9 @@
> else
> AC_MSG_RESULT([  vgagl terminal ((s)vga console): no (requires vgagl)])
> fi
> -  AC_MSG_RESULT([    SECURITY NOTICE: SVGAlib requires that gnuplot is installed \
> suid root!]) +  if test "$with_svgalib_helper" != yes; then
> +     AC_MSG_RESULT([    SECURITY NOTICE: SVGAlib without kernel helper module \
> requires that gnuplot is installed suid root!]) +  fi
> else
> AC_MSG_RESULT([  linux terminal (vga console): no (use --with-linux-vga to \
> enable,]) AC_MSG_RESULT([                                       requires SVGAlib)])
> diff -ru gnuplot.orig/src/plot.c gnuplot/src/plot.c
> --- gnuplot.orig/src/plot.c	2008-02-01 12:42:28.000000000 -0800
> +++ gnuplot/src/plot.c	2008-02-01 12:40:11.000000000 -0800
> @@ -285,8 +285,10 @@
> 
> #ifdef LINUXVGA
> LINUX_setup();		/* setup VGA before dropping privilege DBT 4/5/99 */
> +#ifndef SVGALIB_HELPER
> drop_privilege();
> #endif
> +#endif
> /* make sure that we really have revoked root access, this might happen if
> gnuplot is compiled without vga support but is installed suid by mistake */
> #ifdef __linux__
> diff -ru gnuplot.orig/term/linux.trm gnuplot/term/linux.trm
> --- gnuplot.orig/term/linux.trm	2008-02-01 12:42:42.000000000 -0800
> +++ gnuplot/term/linux.trm	2008-02-01 12:39:57.000000000 -0800
> @@ -122,8 +122,10 @@
> 
> LINUX_graphics_allowed = FALSE;
> 
> +#ifndef SVGALIB_HELPER
> if (geteuid() != 0)
> 	return;			/* if we aren't root, we cannot init graphics */
> +#endif
> 
> if ((pipe = popen("/usr/bin/tty", "r")) != NULL) {
> 	line[0] = 0;
> @@ -152,9 +154,13 @@
> 	}
> }
> if (LINUX_graphics_allowed) {
> +#ifndef SVGALIB_HELPER
> 	take_privilege();
> +#endif
> 	vga_init();
> +#ifndef SVGALIB_HELPER
> 	drop_privilege();
> +#endif
> } else {
> 	/* err - shouldn't we give up root uid whatever happens ?
> 	 * or perhaps vga_init() does it ?
> 
> 
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2008.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> _______________________________________________
> gnuplot-beta mailing list
> gnuplot-beta@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/gnuplot-beta
> 

-- 
Ethan A Merritt            Courier Deliveries: 1959 NE Pacific
Dept of Biochemistry
Health Sciences Building
University of Washington - Seattle WA 98195-7742

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
gnuplot-beta mailing list
gnuplot-beta@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/gnuplot-beta


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic