You are not logged in.

#1 2020-07-27 18:50:13

IgnisDa
Member
Registered: 2020-07-27
Posts: 5

I cannot change my laptops brightness

`xbacklight -set 50` gives ``/usr/bin/xbacklight: [Errno 13] Permission denied: '/sys/class/backlight/amdgpu_bl0/brightness'``. Running it with ``sudo`` fixes the problem, but I want to bind the RaiseBrightness button (I am using i3) to this, and i cannot put sudo in the i3 config file. I tried adding my username to the ``sys`` group but the same problem still occurs.

Last edited by IgnisDa (2020-07-27 18:50:34)

Offline

#2 2020-07-27 19:09:20

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,442
Website

Re: I cannot change my laptops brightness


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#3 2020-07-27 19:30:05

Slithery
Administrator
From: Norfolk, UK
Registered: 2013-12-01
Posts: 5,776

Re: I cannot change my laptops brightness

IgnisDa wrote:

and i cannot put sudo in the i3 config file.

Why not?


No, it didn't "fix" anything. It just shifted the brokeness one space to the right. - jasonwryan
Closing -- for deletion; Banning -- for muppetry. - jasonwryan

aur - dotfiles

Offline

#4 2020-07-29 03:48:35

VDmvKcW9JamBSir5fNfehqpG
Member
From: Earth
Registered: 2019-12-30
Posts: 59

Re: I cannot change my laptops brightness

Compile this, set the sticky bit on the executable, and invoke it when you want to run the command.

#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

int main()
{
    setuid( 0 );   // you can set it at run time also
    system( "COMMAND THAT YOU WISH TO RUN" );
    return 0;
 }

Offline

#5 2020-07-29 04:14:34

GaKu999
Member
From: US/Eastern
Registered: 2020-06-21
Posts: 696

Re: I cannot change my laptops brightness

VDmvKcW9JamBSir5fNfehqpG wrote:

Compile this, set the sticky bit on the executable, and invoke it when you want to run the command.

#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

int main()
{
    setuid( 0 );   // you can set it at run time also
    system( "COMMAND THAT YOU WISH TO RUN" );
    return 0;
 }

Ah yes, the good o’l privilege escalation...the best way to create a security loophole in your system!

Please OP don’t make 100 random executables like this and spread them around in your system...

There’s a reason why sticky bit on root owned binaries is not recommended, like beep for example!

EDIT: late night derp probably...will leave it there in case it’s actually correct but can’t find whatever got stuck in my memory that convinced me of that...

Last edited by GaKu999 (2020-07-29 04:33:46)


My reposSome snippets

Heisenberg might have been here.

Offline

#6 2020-07-29 11:55:42

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,442
Website

Re: I cannot change my laptops brightness

Oh dear lord.  Sticky-bit + setuid + execv would be foolish, but sticky-but + setuid + system is astronomically stupid and dangerous which is made quite clear in the man page for that function.  Simply having such a binary on your system completely compromises *everything* as it is completely trivial to then run *anything* as root.

Last edited by Trilby (2020-07-29 12:45:37)


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#7 2020-07-29 12:13:50

ondoho
Member
Registered: 2013-04-30
Posts: 692
Website

Re: I cannot change my laptops brightness

Am I understanding this correctly:
I can write a C program that will execute any command as root without asking for a password, and I can start this program as any user?

Offline

#8 2020-07-29 12:31:16

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,442
Website

Re: I cannot change my laptops brightness

Of course.  That's what sudo is capable of doing, right?

That's the glory / evil of the sticky bit.


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#9 2020-07-29 12:39:36

ondoho
Member
Registered: 2013-04-30
Posts: 692
Website

Re: I cannot change my laptops brightness

Wow. I never knew.
One has to be really careful what one marks executable.
What I don't understand: why don't I see script kiddies applying this all the time in some ill-conceived self-written software? Surely there must be some glaring caveat?

Offline

#10 2020-07-29 12:45:01

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,442
Website

Re: I cannot change my laptops brightness

STICKY BIT, not executable.  (Though yes, one should be careful what they mark executable as well for other reasons.)

Root permission is needed at some point to set the sticky bit and assign root ownership to the binary before this can have it's useful/dangerous effect.  So J Random Hacker can't just give you a binary to run and take advantage of this that easily.

But this is why (many) people are suspicious of programs requiring the sticky bit be set.  Sudo is generally accepted - though it has faced critique over this.  I use the physlock screen locker which lots of people swear off of simply because it requires the sticky bit to do it's thing.  Ping is another one that is well tolerated because it has a very limited scope on what it does with root permission (and it drops root permission ASAP) - but even that now has alternatives specifically to avoid using the sticky bit (all the "capabilities" stuff which I'm the wrong guy to ask about).

The real problem is when you add the "system()" call it makes it even easier to abuse.  Any exec'ed subprocess could be hijacked without too much work, but the system() function just leave to door WIDE WIDE open practically begging to be abused.

Last edited by Trilby (2020-07-29 12:53:16)


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#11 2020-07-29 13:01:02

ondoho
Member
Registered: 2013-04-30
Posts: 692
Website

Re: I cannot change my laptops brightness

edit: I wrote this before you expanded your previous post. hold on a few minutes.

Yes yes, I understood that part, but that's not what shocks me.
What shocks me is the setuid(0) part of the C code above - can any user become root without giving any credentials, and execute any other command?
E.g., I could use

setuid( 0 ); // you can set it at run time also
system( "/usr/bin/xterm" );
return 0;

compile, set the sticky bit, and get an instant root terminal?
(I just tested this and it does not seem to work)

Last edited by ondoho (2020-07-29 13:01:50)

Offline

#12 2020-07-29 13:03:44

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,442
Website

Re: I cannot change my laptops brightness

Yes, that would work if the binary is owned by root:root which I'd suspect is the part you were missing in your test.

Note this is also why sudoers requires full paths to binaries, because it should use execv/execl and most definitely not execvp/execlp as the latter two functions would be subject to the same absolutely trivial attack as system().


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#13 2020-07-29 13:09:48

ondoho
Member
Registered: 2013-04-30
Posts: 692
Website

Re: I cannot change my laptops brightness

^ Yes.

Trilby wrote:

Root permission is needed at some point to set the sticky bit and assign root ownership to the binary before this can have it's useful/dangerous effect.  So J Random Hacker can't just give you a binary to run and take advantage of this that easily.

That was the missing bit. I needed root privileges to change ownership of the compiled file, root privileges to set the sticky bit.
But then it does just that: instant root terminal without entering credentials. Still scary, but consider me un-shocked (what I envisioned would've completely invalidated Linux ownership & permissions structure).

Sorry everyone, back on topic.

Last edited by ondoho (2020-07-29 13:10:24)

Offline

#14 2020-07-29 13:38:31

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 19,739

Re: I cannot change my laptops brightness

Can we get back on topic, please.   Yes, one can configure sudo to allow a user (or group) to run a privileged program with escalated rights without requiring a password.  It is probably your best solution.
I do use the sticky bit.  In this case, I might just set the sticky bit on xbacklight itself (I am pretty sure it is a binary, not a script).

But, a script like that proposed in post #4, while it might accomplish what you are looking for, is wrong on a lot of levels.  ondoho, I just saw your back on topic request as I write this.  I concur.


Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way

Offline

#15 2020-07-29 15:19:54

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,442
Website

Re: I cannot change my laptops brightness

ewaller wrote:

one can configure sudo to allow a user (or group) to run a privileged program with escalated rights without requiring a password.  It is probably your best solution.

Why is it better than the solution presented in the wiki of simply assigning the device to a group the user is in (e.g., "video").  There is no need to get root permission everytime the key is pressed.


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#16 2020-07-29 19:04:04

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 19,739

Re: I cannot change my laptops brightness

Trilby wrote:
ewaller wrote:

one can configure sudo to allow a user (or group) to run a privileged program with escalated rights without requiring a password.  It is probably your best solution.

Why is it better than the solution presented in the wiki of simply assigning the device to a group the user is in (e.g., "video").  There is no need to get root permission everytime the key is pressed.

It's not.  I look at this stuff exactly one time per machine I set up.  They say memory is the first thing to go; I forget what comes second.


Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way

Offline

#17 2020-08-19 03:17:10

fistrosan
Member
Registered: 2020-04-01
Posts: 168

Re: I cannot change my laptops brightness

Would it not be a much better solution (i.e. safer) to simply change the group ownership of /sys/class/backlight/amdgpu_bl0/brightness to wheel or something like that ? That way users of that group can modify that, AND ONLY THAT, file. If the ownership goes back to root:root after reboot you could add an udev rule in /etc/udev/rules.d/ to change the group back to wheel. For instance I have in /etc/udev/rules.d/backlight.rules the following two lines:

RUN+="/bin/chgrp wheel /sys/class/backlight/intel_backlight/brightness"
RUN+="/bin/chmod g+w /sys/class/backlight/intel_backlight/brightness"

I think if you just change intel_backlight for amdgpu_bl0 you should be fine.

Edit: of well, it seems I just copied and pasted the content of the arch wiki liked by Trilby ... too late sad

Last edited by fistrosan (2020-08-19 03:20:21)

Offline

#18 2020-08-19 03:21:10

VDmvKcW9JamBSir5fNfehqpG
Member
From: Earth
Registered: 2019-12-30
Posts: 59

Re: I cannot change my laptops brightness

Yes, based on the drama I caused with my solution, your solution is probably better.

Offline

#19 2020-08-20 09:40:43

Marterijn
Member
Registered: 2019-01-13
Posts: 1

Re: I cannot change my laptops brightness

Without endlessly deviating from the subject: try adding yourself to the video group.

Offline

#20 2020-08-20 12:05:52

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,442
Website

Re: I cannot change my laptops brightness

That's not deviating from the subject - that IS the subject and is covered in the very first reply.  The OP, however, seems to have vanished.


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#21 2020-08-20 14:51:27

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 19,739

Re: I cannot change my laptops brightness

Trilby wrote:

That's not deviating from the subject - that IS the subject and is covered in the very first reply.  The OP, however, seems to have vanished.

Indeed.   In fact the OP left the forums 3 minutes after their first post, and have not been back since.
Closing this thread until and unless the OP reports the thread to have it reopened.


Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way

Offline

Board footer

Powered by FluxBB