Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 07 Oct 2001 23:50:28 +0200
From:      "Georg-W. Koltermann" <gwk@sgi.com>
To:        Robert Watson <rwatson@FreeBSD.ORG>
Cc:        current@FreeBSD.ORG
Subject:   Re: VMWare2 permission problems on -current as of Sep 26
Message-ID:  <lth8zenktln.wl@hunter.munich.sgi.com>
In-Reply-To: <Pine.NEB.3.96L.1011002202533.7220B-100000@fledge.watson.org>
References:  <lth669ypi5b.wl@hunter.munich.sgi.com> <Pine.NEB.3.96L.1011002202533.7220B-100000@fledge.watson.org>

next in thread | previous in thread | raw e-mail | index | archive | help
Hi Robert,

it doesn't seem to be securelevel-related.  sysctl(8) says:

    hunter[5]$ sysctl kern.securelevel
    kern.securelevel: -1

I also hacked the securelevel_g[et] routines to immediately return 0
as you suggested, and it doesn't make a difference.

Besides, securelevel_g[et] doesn't seem to be used much.  I think I
found only one reference when doing a find/grep in /usr/src/sys.  And
there are just a few hard-coded tests of securelevel > 0 as well.

I ran the vmware command through ktrace(1) (had to do that as root
since it won't trace a SUID program for a normal user), and it does
get an error return from an access(2) on .Xauthority:

  1207 vmware   CALL  access(0xbfbff759,0x4)
  1207 vmware   NAMI  "/compat/linux/home/hunter/gwk/.Xauthority"
  1207 vmware   NAMI  "/home/hunter/gwk/.Xauthority"
  1207 vmware   RET   access -1 errno -13 Unknown error: -13

It seems I am going to debug the access() call next.

--
Regards,
Georg.


At Tue, 2 Oct 2001 20:28:16 -0400 (EDT),
Robert Watson wrote:
> 
> 
> There have been a number of permission-related changes in the tree of
> late, in particular relating to securelevel support.  I haven't
> experienced any local problems running the new code, but there is always
> the potential for such a problem, especially in areas of the code I'm not
> actively using.  In particular, I haven't used vmware2 on my test boxes in
> quite a while, since the KSE changes certainly at least.  A first question
> for you would be: are you using a securelevel other than -1?  As a quick
> hack, try the following: edit securelevel_ge() and securelevel_gt() in
> kern_prot.c to always return 0.  See if the problem goes away.  It's
> possible I botched a securelevel check in the device code, or
> mis-transcribed a securelevel value.  Depending on how into kernel
> debugging you are, you could also try setting breakpoints in the
> securelevel code and see what's getting spat out.
> 
> Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
> robert@fledge.watson.org      NAI Labs, Safeport Network Services
> 
> On Tue, 2 Oct 2001, Georg-W. Koltermann wrote:
> 
> > Hi,
> > 
> > I have applied the KSE patches to vmware2 that were posted on
> > http://www.ripe.net/home/mark/files/vmware2_kse.patch.tgz.  I can now
> > build vmware2, but run into a number of permission problems running
> > it:
> > 
> > 1.  Xlib: connection to ":0.0" refused by server
> >     Xlib: Client is not authorized to connect to Server
> >     Error: Can't open display: :0
> > 
> >     Can be worked around by "chmod 644 ~/.Xauthority".
> > 
> > 2.  Cannot open /dev/tty0: permission denied (in a GUI message box).
> > 
> >     Linux /dev/tty0 seems to refer to FreeBSD /dev/ttyv0,
> >     using a chain of two symlinks.  "chown $USER /dev/ttyv0" doesn't
> >     seem to be effective, but "chmod 666 /dev/ttyv0" makes the message
> >     go away.
> > 
> > 3.  Active virtual terminal (/dev/tty9) is not valid. Permission
> >     denied.  (in a GUI message box).
> > 
> >     Seems to be like the above, Linux tty9 is really FreeBSD ttyv8,
> >     and a chown is ineffective but a chmod 666 solves it.
> > 
> > 4.  Warning: Tried to connect to session manager, Authentication
> >     Rejected, reason : None of the authentication protocols specified
> >     are supported and host-based authentication failed
> > 
> >     on stderr.  Don't know if this is a problem or just a warning.
> > 
> > 5.  Permission error creating lockfiles (vmware-lock.whoever)
> > 
> >     The directory is owned by me.
> > 
> > In summary, it seems as though the vmware binary (which is SUID root)
> > is unable to access any files that are only accessible to the invoking
> > user (like .Xauthority), and also unable to access any files
> > accessible by root (like the /dev nodes).
> > 
> > Is there a kind of changed permission policy in the new linuxulator
> > that could cause this?  By any chance, would I need to recompile the
> > linux_base port?
> > 
> > Is anyone using VMWare2 successfully on a recent -current?
> > 
> > --
> > Regards,
> > Georg.
> > 
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-current" in the body of the message
> > 
> 

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?lth8zenktln.wl>