#264626 root cannot use the serial port

Package:
cu
Source:
uucp
Description:
call up another system
Submitter:
Joshua Kwan
Date:
2017-09-21 18:06:05 UTC
Severity:
minor
#264626#5
Date:
2004-08-09 17:25:09 UTC
From:
To:
Hi,

$ cu -l /dev/ttyS1
Connected.
~.
Disconnected.
$ su
# cu -l /dev/ttyS1
cu: open (/dev/ttyS1): Permission denied
cu: /dev/ttyS1: Line in use

Well, here's why:

setregid32(0, 0)                        = 0
setreuid32(10, 10)                      = 0
open("/dev/ttyS1", O_RDWR|O_NONBLOCK)   = -1 EACCES (Permission denied)

I understand that cu wants to drop privileges for security reasons, but
can it at least open the port first?

Thanks
Josh

#264626#10
Date:
2007-02-15 01:33:00 UTC
From:
To:
I'm checking in to see whether any workarounds exist for this bug.
#264626#15
Date:
2010-03-11 20:54:41 UTC
From:
To:
It seems that issuing
# chown uucp /dev/ttyUSB1

helps when issuing:
# cu -s 115200 -l /dev/ttyUSB1

That seems very strange to me when I'd expect root to be almighty.

Hope this helps.

Best regards,

#264626#20
Date:
2011-03-21 10:58:08 UTC
From:
To:
When I last looked this bug was a straight mismatch, ttyS0 is in "dialout",
and it tries to set ownership to "uucp" when run as root, hence the
workarounds given previously.

I wrote this, time may have passed.

http://www.debian-administration.org/users/simonw/weblog/36

I don't think the sensitive security calls are needed, I suspect all they do
is break the command for root, but I'm no system programmer.

#264626#25
Date:
2013-08-11 08:50:09 UTC
From:
To:
Reading this bug report and linked material there appears to be the following problem.
(NB: I have not had a look at the code or tested these ideas so my analysis may be flawed)

Current flow when cu is started by root user:
(A) cu is started by root:root
(B) cu changes effective user:group to uucp:root
(C) Debian serial ports are owned by root:dialout
(D) Therefore cu started by root cannot open serial port! FAIL!


So there are 5 possible solutions:
(1) change cu so that effective user is root (i.e. drop B above) then can open standard serial port
-or-
(2) change cu so that effective GROUP is dialout (i.e. extend B above to also change group) then can open standard serial port
-or-
(3) change serial port owner(user) to uucp (fiddle with C above) then standard cu will work for root and users in dialout group
-or-
(4) change serial port owning GROUP to root  (fiddle with C above) then cu will work for root but not users in dialout group -> FAIL!
-or-
(5) Add the root user to the dialout group

OK so (4) is stupid.
Changing (3) is also probably silly as we would likely break other things

(5) would be a documentation issue but means things don't just work "out of the box" as it were. This may already be in Debian.Readme: I have not looked.
(1) might be wise to leave this in, in case sysadmin makes cu setuid root and expects standard cu behaviour.

Which brings me back to (2) where an extra system call is added next to the one that drops root ownership to drop root-group-ship (if that is a word) leaving effective group as dialout.

In conclusion I suspect that some variant of (2) or (5) is the way forward for the Debian package.

Regards
Alex Owen
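
Added example, not part of the bug log and not code from uucp: the ordering the first report asks for (open the line, then drop privileges), written in C. The helper name open_then_drop and the use of /dev/null as a stand-in device are assumptions made here.

```c
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not from uucp): open `path` with the credentials the
 * process starts with, then switch permanently to uid:gid.
 * Returns the open descriptor, or -1 with errno set. */
int open_then_drop(const char *path, uid_t uid, gid_t gid)
{
    int saved;
    /* 1. Open first: the permission check uses the credentials held at
     *    open() time, and the descriptor stays usable after they change. */
    int fd = open(path, O_RDWR | O_NONBLOCK | O_NOCTTY);
    if (fd < 0)
        return -1;

    /* 2. Drop in the order supplementary groups, gid, uid. After the uid
     *    is gone the process can no longer change its groups. Called as
     *    root, setgid()/setuid() set the real, effective and saved ids. */
    if (geteuid() == 0 && uid != 0 && setgroups(0, NULL) != 0)
        goto fail;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        goto fail;

    /* 3. Verify the drop is permanent: regaining root must fail. */
    if (uid != 0 && setuid(0) == 0) {
        errno = EPERM;
        goto fail;
    }
    return fd;
fail:
    saved = errno;
    close(fd);
    errno = saved;
    return -1;
}

int main(int argc, char **argv)
{
    /* Constructed usage: target ids are the caller's own, so no root needed. */
    const char *path = argc > 1 ? argv[1] : "/dev/null";
    int fd = open_then_drop(path, getuid(), getgid());
    if (fd < 0) { perror(path); return 1; }
    printf("fd %d open, euid=%d egid=%d\n", fd, (int)geteuid(), (int)getegid());
    return close(fd);
}
```

Because the access check is made with the starting credentials, this ordering fits a program started by root; a setuid program run by ordinary users would still need its own check that the invoking user may use the device.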
