[Xastir] Trap for Young and Old

Lee Bengston lee.bengston at gmail.com
Mon Jun 23 23:39:08 EDT 2014 

On Mon, Jun 23, 2014 at 6:36 AM, Liz <edodd at billiau.net> wrote:

> On Wed, 18 Jun 2014 21:31:29 -0700 (PDT)
> "Curt, WE7U" <curt.we7u at gmail.com> wrote:
>
> > On Wed, 18 Jun 2014, Jason KG4WSV wrote:
> >
> > > On Wed, Jun 18, 2014 at 2:00 PM, Curt, WE7U <curt.we7u at gmail.com>
> > > wrote:
> > >> Xastir does this, but would you want to trust security of your
> > >> system to a bunch of hobbyists?  ;-)
> > >
> > > 'cause that's not something linux users are familiar with. :|
> >
> > I think we might have more of a lack of security-trained Linux people
> > on our development team...
> >
> >
> > >> Technically it isn't a problem:  The AX.25 networking port is
> > >> implemented similarly to ethernet ports in terms of permissions.
> > >>
> > >> For Xastir to be able to access the port, it needs root privileges.
> > >
> > > So you can't just chmod 666 /dev/ax25 (or whatever) so that xastir
> > > can access it running as joe user?
> >
> > I would think that would work as well, so one would need to tweak the
> > udev scripts perhaps.  I'm no expert on that, having only hacked on
> > them a few times myself for other reasons.  This would be a bit more
> > difficult for a newbie to figure out and hack on any given system.
> > There may be details that change from OS to OS and from version to
> > version.  Worth a shot though as an alternate method.
> >
>
> Got caught with the same problem this Sunday.
> For Debian packaging it would be possible to insert a question into the
> post-install script to ask if you want xastir set with permissions 4755
> - or whatever other solution is determined as best for the problem.
>
> I'm not sure how the calife or chiark-really alternates to sudo would
> be better than the current system.
>

In my mind the update-xastir script ​is provided as a courtesy - a little
optional tool to make things easier.  If you manually update Xastir by
downloading a new set of files from CVS and re-compiling, you will do the
same thing - overwrite the xastir executable with a new one that has the
default permissions.  I don't really view this as a problem - I do realize
it can be difficult to remember that you changed the permissions of the
xastir executable when you first installed it.  The only way I could see
the script being modified is to have it look into the configuration file(s)
in the ~/.xastir directory and determine if a least one AX25 interface is
configured.  If yes, then prompt the user asking if he/she would like to
apply the 4755 permissions change.  That's a level of sophistication I
doubt was ever intended for that script, however.

Lee - K5DAT

More information about the Xastir mailing list