Re: [PATCH] Input notifier support

[Dmitry Torokhov]

On Sun, Mar 01, 2009 at 11:52:56AM +0900, Kyungmin Park wrote:
> On Sun, Mar 1, 2009 at 9:42 AM, Dmitry Torokhov
> <dmitry.torokhov@xxxxxxxxx> wrote:
> > On Sun, Mar 01, 2009 at 12:34:38AM +0100, Andi Kleen wrote:
> >> Kyungmin Park <kmpark@xxxxxxxxxxxxx> writes:
> >>
> >> > Some hardware doesn't connected with key button and led. In this case key should be connected with led by software. Of course each application can control it however it's too big burden to application programmer.
> >> >
> >> > So add input notifier and then use it at other frameworks such as led.
> >> > Of course, other input device can use this one.
> >> >
> >> > Any commnets are welcome.
> >>
> >> It looks like the perfect interface for a password stealing root kit.
> >>
> >> Yes there are probably other ways to do this, but still this seems to
> >> make it very easy.
> >>
> >
> > We already have good interface for that. That's why you want to limit
> > access to /dev/input/eventX ;) and not make it world-readable.
> >
> 
> Hi Dmitry,
> 
> Could you tell me know which interface you're talking?
> I agreed it's not good idea to pass key code value to drivers. it
> caused security issues.
> 

The interface to steal the root password. One can simply open all input
devices and read all events (if the process has sufficient rights).

-- 
Dmitry
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/