Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 877095 - app-misc/beep changed security policy and no longer works in default configuration
Summary: app-misc/beep changed security policy and no longer works in default configur...
Status: UNCONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Shell Tools project
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-10-14 15:24 UTC by Ben
Modified: 2022-10-15 02:08 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Ben 2022-10-14 15:24:01 UTC 
It appears that app-misc/beep changed its behavior and the program, though compiles fine, does not actually work anymore.  It appears have added safeguards against standard setuid options that are currently specified in the ebuild.  (It now also prohibits using sudo as well.)


Reproducible: Always

Steps to Reproduce:
1. build app-misc/beep
2. switch to unprivileged user who is at the console
3. run beep at command line
Actual Results:  
$ beep
beep: Error: Running setuid or setgid, which is not supported for security reasons.
beep: Error: Set up permissions for the pcspkr evdev device file instead.


Expected Results:  
speaker should have beeped.

My system is using openrc-elogind-pulseaudio.

I suspect a udev rule is also needed to allow the pcspkr device (/dev/input/by-path/platform-pcspkr-event-spkr/) to also allow logged in user to access it.
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-10-15 00:40:14 UTC 
I guess related to:

commit 51db2842c8c2c925a6c0d7c7875949e94afa9d6f
Author: Alessandro Barbieri <lssndrbarbieri@gmail.com>
Date:   Mon Feb 22 02:02:52 2021 +0100

    app-misc/beep: capabilities added, suid removed

    Closes: https://bugs.gentoo.org/716734
    Package-Manager: Portage-3.0.14, Repoman-3.0.2
    Signed-off-by: Alessandro Barbieri <lssndrbarbieri@gmail.com>
    Closes: https://github.com/gentoo/gentoo/pull/19588
    Signed-off-by: Michał Górny <mgorny@gentoo.org>
Comment 2 Ben 2022-10-15 02:08:24 UTC 
Yes, the logic in ebuild for suid is still there for 1.4.9-r1 and it doesn't really do anything, it just gives an error.  That whole section for USE=suid probably should be removed including fperms.

I'm still not exactly certain what is needed to reliably get the speaker to beep.  Currently I've chmodded the input pcspkr devices and need to have pavucontrol running to get it to beep, which I don't quite understand (suspect my laptop routes the pcspkr 8253 emulation output through an input of hd-audio to save an extra speaker) but permissions may still need some work.  I think I also have a problem with my ext4fs not having extended attributes working and this may also be part of the problem that make capabilities not work, but this seems like more feature bloat/complexity which isn't needed for embedded (though not an issue for a workstation/laptop).

Simple program, added complexities...