You are not logged in.

#1 2020-07-27 18:50:13

IgnisDa
Member
Registered: 2020-07-27
Posts: 1

I cannot change my laptops brightness

`xbacklight -set 50` gives ``/usr/bin/xbacklight: [Errno 13] Permission denied: '/sys/class/backlight/amdgpu_bl0/brightness'``. Running it with ``sudo`` fixes the problem, but I want to bind the RaiseBrightness button (I am using i3) to this, and i cannot put sudo in the i3 config file. I tried adding my username to the ``sys`` group but the same problem still occurs.

Last edited by IgnisDa (2020-07-27 18:50:34)

Offline

#2 2020-07-27 19:09:20

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 23,934
Website

Re: I cannot change my laptops brightness


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#3 2020-07-27 19:30:05

Slithery
Forum Moderator
From: Norfolk, UK
Registered: 2013-12-01
Posts: 3,934

Re: I cannot change my laptops brightness

IgnisDa wrote:

and i cannot put sudo in the i3 config file.

Why not?


No, it didn't "fix" anything. It just shifted the brokeness one space to the right. - jasonwryan
Closing -- for deletion; Banning -- for muppetry. - jasonwryan

aur - dotfiles

Offline

#4 2020-07-29 03:48:35

VDmvKcW9JamBSir5fNfehqpG
Member
From: Earth
Registered: 2019-12-30
Posts: 24

Re: I cannot change my laptops brightness

Compile this, set the sticky bit on the executable, and invoke it when you want to run the command.

#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

int main()
{
    setuid( 0 );   // you can set it at run time also
    system( "COMMAND THAT YOU WISH TO RUN" );
    return 0;
 }

btw I use Arch

Offline

#5 2020-07-29 04:14:34

GaKu999
Member
Registered: 2020-06-21
Posts: 124

Re: I cannot change my laptops brightness

VDmvKcW9JamBSir5fNfehqpG wrote:

Compile this, set the sticky bit on the executable, and invoke it when you want to run the command.

#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

int main()
{
    setuid( 0 );   // you can set it at run time also
    system( "COMMAND THAT YOU WISH TO RUN" );
    return 0;
 }

Ah yes, the good o’l privilege escalation...the best way to create a security loophole in your system!

Please OP don’t make 100 random executables like this and spread them around in your system...

There’s a reason why sticky bit on root owned binaries is not recommended, like beep for example!

EDIT: late night derp probably...will leave it there in case it’s actually correct but can’t find whatever got stuck in my memory that convinced me of that...

Last edited by GaKu999 (2020-07-29 04:33:46)

Offline

#6 2020-07-29 11:55:42

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 23,934
Website

Re: I cannot change my laptops brightness

Oh dear lord.  Sticky-bit + setuid + execv would be foolish, but sticky-but + setuid + system is astronomically stupid and dangerous which is made quite clear in the man page for that function.  Simply having such a binary on your system completely compromises *everything* as it is completely trivial to then run *anything* as root.

Last edited by Trilby (2020-07-29 12:45:37)


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#7 2020-07-29 12:13:50

ondoho
Member
Registered: 2013-04-30
Posts: 638
Website

Re: I cannot change my laptops brightness

Am I understanding this correctly:
I can write a C program that will execute any command as root without asking for a password, and I can start this program as any user?


However studied and stilted your rant, it can never hide the base and primitve emotion that inspired it.

Offline

#8 2020-07-29 12:31:16

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 23,934
Website

Re: I cannot change my laptops brightness

Of course.  That's what sudo is capable of doing, right?

That's the glory / evil of the sticky bit.


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#9 2020-07-29 12:39:36

ondoho
Member
Registered: 2013-04-30
Posts: 638
Website

Re: I cannot change my laptops brightness

Wow. I never knew.
One has to be really careful what one marks executable.
What I don't understand: why don't I see script kiddies applying this all the time in some ill-conceived self-written software? Surely there must be some glaring caveat?


However studied and stilted your rant, it can never hide the base and primitve emotion that inspired it.

Offline

#10 2020-07-29 12:45:01

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 23,934
Website

Re: I cannot change my laptops brightness

STICKY BIT, not executable.  (Though yes, one should be careful what they mark executable as well for other reasons.)

Root permission is needed at some point to set the sticky bit and assign root ownership to the binary before this can have it's useful/dangerous effect.  So J Random Hacker can't just give you a binary to run and take advantage of this that easily.

But this is why (many) people are suspicious of programs requiring the sticky bit be set.  Sudo is generally accepted - though it has faced critique over this.  I use the physlock screen locker which lots of people swear off of simply because it requires the sticky bit to do it's thing.  Ping is another one that is well tolerated because it has a very limited scope on what it does with root permission (and it drops root permission ASAP) - but even that now has alternatives specifically to avoid using the sticky bit (all the "capabilities" stuff which I'm the wrong guy to ask about).

The real problem is when you add the "system()" call it makes it even easier to abuse.  Any exec'ed subprocess could be hijacked without too much work, but the system() function just leave to door WIDE WIDE open practically begging to be abused.

Last edited by Trilby (2020-07-29 12:53:16)


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#11 2020-07-29 13:01:02

ondoho
Member
Registered: 2013-04-30
Posts: 638
Website

Re: I cannot change my laptops brightness

edit: I wrote this before you expanded your previous post. hold on a few minutes.

Yes yes, I understood that part, but that's not what shocks me.
What shocks me is the setuid(0) part of the C code above - can any user become root without giving any credentials, and execute any other command?
E.g., I could use

setuid( 0 ); // you can set it at run time also
system( "/usr/bin/xterm" );
return 0;

compile, set the sticky bit, and get an instant root terminal?
(I just tested this and it does not seem to work)

Last edited by ondoho (2020-07-29 13:01:50)


However studied and stilted your rant, it can never hide the base and primitve emotion that inspired it.

Offline

#12 2020-07-29 13:03:44

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 23,934
Website

Re: I cannot change my laptops brightness

Yes, that would work if the binary is owned by root:root which I'd suspect is the part you were missing in your test.

Note this is also why sudoers requires full paths to binaries, because it should use execv/execl and most definitely not execvp/execlp as the latter two functions would be subject to the same absolutely trivial attack as system().


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#13 2020-07-29 13:09:48

ondoho
Member
Registered: 2013-04-30
Posts: 638
Website

Re: I cannot change my laptops brightness

^ Yes.

Trilby wrote:

Root permission is needed at some point to set the sticky bit and assign root ownership to the binary before this can have it's useful/dangerous effect.  So J Random Hacker can't just give you a binary to run and take advantage of this that easily.

That was the missing bit. I needed root privileges to change ownership of the compiled file, root privileges to set the sticky bit.
But then it does just that: instant root terminal without entering credentials. Still scary, but consider me un-shocked (what I envisioned would've completely invalidated Linux ownership & permissions structure).

Sorry everyone, back on topic.

Last edited by ondoho (2020-07-29 13:10:24)


However studied and stilted your rant, it can never hide the base and primitve emotion that inspired it.

Offline

#14 2020-07-29 13:38:31

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 17,363

Re: I cannot change my laptops brightness

Can we get back on topic, please.   Yes, one can configure sudo to allow a user (or group) to run a privileged program with escalated rights without requiring a password.  It is probably your best solution.
I do use the sticky bit.  In this case, I might just set the sticky bit on xbacklight itself (I am pretty sure it is a binary, not a script).

But, a script like that proposed in post #4, while it might accomplish what you are looking for, is wrong on a lot of levels.  ondoho, I just saw your back on topic request as I write this.  I concur.


Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way

Offline

#15 2020-07-29 15:19:54

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 23,934
Website

Re: I cannot change my laptops brightness

ewaller wrote:

one can configure sudo to allow a user (or group) to run a privileged program with escalated rights without requiring a password.  It is probably your best solution.

Why is it better than the solution presented in the wiki of simply assigning the device to a group the user is in (e.g., "video").  There is no need to get root permission everytime the key is pressed.


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#16 2020-07-29 19:04:04

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 17,363

Re: I cannot change my laptops brightness

Trilby wrote:
ewaller wrote:

one can configure sudo to allow a user (or group) to run a privileged program with escalated rights without requiring a password.  It is probably your best solution.

Why is it better than the solution presented in the wiki of simply assigning the device to a group the user is in (e.g., "video").  There is no need to get root permission everytime the key is pressed.

It's not.  I look at this stuff exactly one time per machine I set up.  They say memory is the first thing to go; I forget what comes second.


Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way

Offline

Board footer

Powered by FluxBB