1 (edited by Ribby 2025-02-11 23:29:39)

Topic: [Solution] DE session hosted tty in suspended error

I was just researching slock, when I read claims about its failure against tty. Not that the scenario is any different from users switching terminal screens for some reason. I recall that tty might be for OS installation and setup, but the internet may find new things about tty. After reading some instructions, I tested tty (Ctrl + Alt + F# keyboard buttons) during a DE session on a different OS. Nothing much, save for the login prompt. I returned to the currently active tty, which logged me back into the DE session.

Now, it is the moment of truth: I tested tty on my Hyperbola GNU/Linux-libre OS setup. When I went back to the DE session, the hosting tty took me back to a console session with an error. The error just hangs there. I tried tapping the Ctrl + C keyboard buttons. They cancel the error as suspected, but I am now on a console session. Tapping the Ctrl + C keyboard buttons again logs me out to the console login prompt. Dreading the cancel command with such powers despite specific conditions, I decided to test tty against slock.

I activated slock, then reran the tty test. To my dismay, the error managed to override both the slock lockscreen function and the DE session. With one cancel command, I was able to run and write files/functions without effort. I even logged back into the DE session. tty on this OS is a major vulnerability that needs to be taken care of asap.

Research provided hints about slock's security consideration. After learning the fix, the whereabouts of the xorg config file in question remained to be seen. I later found a list of possible directories hiding the xorg config file. Finally, I found a directory path with config files, but which ones? Since the error conflicts with DE, I assume video drivers. A fix of the video driver config files and a reboot managed to prevent access to tty screens. Hyperbola GNU/Linux-libre is a step closer to service/function freedom.

Upon reflection, the incident made me think about possible causes. Since patching up the video drivers, I blame video drivers as the fault actors. No doubt that they support DE, but there is culpability for misconfiguration. Imagine if an evil maid attack (or cyberattack) breached an OS this way? Easy pickings, easy pickings. Cover-ups too!
Proprietary brands that create backdoors, expose victims to trespassing. In the light of this situation, civil action, (libre) MFA, and libre VGA/SDL drivers must stand for liberty and justice for all.

https://man.archlinux.org/man/xorg.conf.5.en
https://man.archlinux.org/man/slock.1.en

# nano /usr/share/X11/xorg.conf.d/##-videodriver.conf

Within /usr/share/X11/xorg.conf.d/##-videodriver.conf, check that the following parameter values are set in place.

Section "OutputClass"
    Identifier "?"
    MatchDriver "?"
    Driver "?"
EndSection

Section "ServerFlags"
    Option "DontVTSwitch" "True"
    Option "DontZap"      "True"
EndSection

# reboot

Test tty during DE session.

---

I encourage people to write these instructions to the video driver installation page. The more and faster good people know about it, the better. I know that this topic may put a dent on Hyperbola GNU/Linux-libre, but as long as the pace is on cue, things will improve in effort and time. I am sure that this is not the first blunder in GNU/Linux-libre development so things should be looking up.
https://wiki.hyperbola.info/doku.php?id … stallation
I also suggest implementation of (libre) PAM, even if it was by custom installation. Vetting packages to libre standards would help accomplish goals. A far-fetched idea is a libre VGA/SDL. These functions have consistently worked when graphic cards may fail to render (or even allow unauthorized user privileges) for a variety of reasons.

2

Re: [Solution] DE session hosted tty in suspended error

Two annotations here: First you are comparing Hyperbola GNU/Linux-libre with what exact other operating-system under what exact other circumstances? You cannot provide just the error without giving more insights about the surroundings: The computer and its used hardware, the installed drivers, the pre-configurations. All those variables are important to replicate a possible issue.

Coming then to the second point, to quote:

tty on this OS is a major vulnerability that needs to be taken care of asap.

Your conclusion is not working as you make direct an assumption without providing possible ways to replicate. Also you leave in the darkness how you have started your X-session. It was mentioned several times in the IRC that there are many ways forward: Do you use a daemonized login-manager? Are you using startx from within the terminal-session? I have tried to replicate your scenario and it was not possible as described for me.

Please also do not use terms like "taken care asap" under such circumstances, Ribby. Provide a working guide with also providing your used configuration (hard- and software). Your conclusion and solution is also not possible to "taken care of asap". Or do you think we have a magical item to guess the configuration of users and then enforce them to use the intel-drivers instead of modesetting or others?

Coming now to your other points: There is no direct libre MFA-implementation (Multi-factor authentication) besides in fact there is also no real MFA-process at all: Your mobile device is definitely not running a full free and libre system. Your other factors are perhaps not running on full free and libre services. You have also not complete control over all factors in the end of the day. And then we are coming to the point of trust: Very important, but also here ... who is hosting what and in what dimensions? You pick the wrong end here with the call for free and libre MFA as hosting the full population of mankind on free, libre services makes again a centralized service with much control and hosting decentralized services is not making more efforts in regards of energy and environment. For PAM there is also not much of a chance, aside you find a simplified alternative? But please: One topic at a time, not mixing several points into one with calling out more from a small team here. So please keep also the topic simple for one point and report, not three or more.

A possible way forward: Which video-drivers under what circumstances? You have left out those values open. Please think a bit further there: At the end of the day people will ask for every parameter therefore and someone has to answer the questions. If you want to support here, we can work out for sure some parts. But also here: We would need test-installations on all possible hardware-combinations, Intel, NVidia (Nouveau) and ATI / AMD.

And at last also: Besides all variables already mentioned, is this a point for xdm or slim, or even lxdm (being in testing when time is)? So beginning such a thread is NOT a fair working way forward especially as it seems that you have for the moment this issue and I have no doubt about its impact for you. But this does not mean others have it the same way. This operating-system (OS) is therefore not unsafe and I ask you to hold on for the moment with assumptions and claims in that direction. I invite you to attend therefore within this thread here now you have created to find solutions viable working forward and this includes NOT some user-defined configuration we have no influence on - therefore the sarcastic note about magical items. Everything we would do for the moment would be guessing, development and configuration of software is not based on guessing but on facts. Facts can be learned or enumerated surely also with the concept of "try and error", but this is nevertheless far away from this stage now.

Human being in favor with clear principles and so also for freedom in soft- and hardware!

Certainly anyone who has the power to make you believe absurdities has the power to make you commit injustices: For a life of every being full with peace and kindness, including diversity and freedom. Capitalism is destroying our minds, the planet itself and the universe in the end!

3

Re: [Solution] DE session hosted tty in suspended error

Adding now a possible different approach without any driver guess:

1. You create a file named /etc/X11/xorg.conf.d/10-xorg.conf.

2. You add the following information within this file:

Section "ServerFlags"
    Option "DontVTSwitch" "Yes"
    Option "DontZap" "Yes"
EndSection

3. Do not forget that those changes only adapt after a complete restart of your X-session / the X-server.

This would need a concrete test. Nevertheless this is not to be added within any package until all clearly was tested. So I finally conclude also for the moment: Please let us reduce the drama-level quite a bit. Attack-vectors and security-issues are important. But foremost important is stating the information and facts. Using citations and quotes like I underlined before is not working in many ways: First and foremost it is not good just to compare Hyperbola with "whatever else system" (that is not a clear fact anyone can recheck) and also leave out the system-environment fully out (also not a fact-based enumeration). Variables are needed to be clear defined otherwise we cannot solve anything! So please do not use such parts again until you have a clear way to replicate errors and provide all needed information:

tty on this OS is a major vulnerability that needs to be taken care of asap.

The terminal is NOT a major vulnerability. Using the X-server the same also not. It depends on the variations and configurations. I leave this thread opened for a time now. So there is a possible way to provide retests. If there is no provided information then I will close this one! Just also to name the points: Working on and with free software is always a work together, not to hand out some work to someone else and await then a solution. :)

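A check for the ServerFlags setting proposed in the post above, as an added example that is not part of any post in this thread or of the Hyperbola packages: it parses xorg.conf-style text and reports whether DontVTSwitch and DontZap are enabled inside a ServerFlags section. The sample file contents are constructed, and the cross-file rule (a flag passes only if no file disables it) is a conservative assumption, not Xorg's merge logic.

```python
import re

TRUE, FALSE = {"1", "on", "true", "yes"}, {"0", "off", "false", "no"}
REQUIRED = ("dontvtswitch", "dontzap")

def norm(name):
    # xorg.conf(5): option names are case-insensitive; spaces and underscores are ignored
    return re.sub(r"[\s_]", "", name).lower()

def server_flags(text):
    """Return {option: bool} for boolean options found in ServerFlags sections."""
    flags, inside = {}, False
    for raw in text.splitlines():
        line = raw.split("#")[0]  # strip comments
        words = [q or b for q, b in re.findall(r'"([^"]*)"|([^\s"]+)', line)]
        if not words:
            continue
        key = words[0].lower()
        if key == "section" and len(words) > 1:
            inside = norm(words[1]) == "serverflags"
        elif key == "endsection":
            inside = False
        elif inside and key == "option" and len(words) > 1:
            name = norm(words[1])
            value = words[2].lower() if len(words) > 2 else "true"  # bare option = true
            if value not in TRUE | FALSE:
                continue  # not a boolean option
            state = value in TRUE
            if name.startswith("no") and name[2:] in REQUIRED:
                name, state = name[2:], not state  # "No" prefix negates the option
            flags[name] = state
    return flags

def audit(files):
    """files maps path -> text. Assumption (conservative, not Xorg's merge logic):
    a flag is "ok" only if some file enables it and no file disables it."""
    parsed = [server_flags(text) for text in files.values()]
    report = {}
    for flag in REQUIRED:
        states = [p[flag] for p in parsed if flag in p]
        report[flag] = "missing" if not states else "ok" if all(states) else "disabled"
    return report

# Constructed sample contents; only HARDENED mirrors the snippet posted in this thread.
HARDENED = 'Section "ServerFlags"\n    Option "DontVTSwitch" "Yes"\n    Option "DontZap" "Yes"\nEndSection\n'
# The option sits in the wrong section here, so it does not count as a server flag.
DRIVER_ONLY = 'Section "OutputClass"\n    Identifier "?"\n    Option "DontZap" "True"\nEndSection\n'
OVERRIDE = 'Section "ServerFlags"\n    Option "DontVTSwitch" "off"\n    Option "Dont Zap"\nEndSection\n'

if __name__ == "__main__":
    print(audit({"/etc/X11/xorg.conf.d/10-xorg.conf": HARDENED}))
    print(audit({"##-videodriver.conf": DRIVER_ONLY}))
    print(audit({"10-xorg.conf": HARDENED, "20-override.conf": OVERRIDE}))
```

To audit a real system, read the *.conf files under /etc/X11/xorg.conf.d and /usr/share/X11/xorg.conf.d into the files mapping; the X server must still be restarted before a changed file takes effect.
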

4 (edited by Ribby 2025-02-12 20:18:54)

Re: [Solution] DE session hosted tty in suspended error

The other tested OS is PureOS, the involved factors include xorg/xenocara config of video drivers.
https://wiki.hyperbola.info/doku.php?id … stallation

Before I found the tty error, I recall that I was testing a custom user account (with or without a password) on the display manager (DM) login/greeter screen. I took out the display manager and custom user account with password can pass the console login prompt (somehow the DM won't register the input, but then again, it isn't the console session to begin with [it's like GNU Grub bootloader, except it fails to register accounts {even grub config can provide a working login prompt that registers an account with a password ((DMs that learn plenty from grub, in fact, grub might as well replace the DM login/greeter screen function))}]). As for the startx console command, I believe that it runs after xenocara/xorg software/dependencies/services installation/setup. See cited reference here: https://wiki.hyperbola.info/doku.php?id … cara#xinit

You have mentioned no direct libre MFA-implementation (Multi-factor authentication), maybe there is an indirect variant? Maybe there is a way to make a local MFA process to register with a certain computer, but I believe its reach is only per hosting machine. There is also a chance for an evil maid attack to result in a soft lockout. Such scenarios would influence my preference elsewhere.

The video driver in question would be ATI / AMD. Now that you mentioned xdm, slim, or even lxdm, I think that the issue might not start with the video drivers. I did remove the DM so there is a chance that the tty error would be the result of such removal. To be specific in detail, I removed xorg-xdm and its dependencies/configurations/services. I removed its services from rc-update. The removals must be the source of my tty issue, not that I care for broken DMs when I have alternative grub method.

---

I could try your without guess method. I did find my video driver specific directory path. As for startx, it appears that a reboot would suffice. I could try the command in console session, then reboot to see what happens next.

5

Re: [Solution] DE session hosted tty in suspended error

Please let's focus on point by point for a solution. See the problem here is that there are many variables in this and we need to control every single one. So the first point is in fact to bring your X-server to that exact configuration without the video-driver. If this works generic it is possible to include a simple example-configuration in the packages xenocara-server and xenocara-server-debug as the corresponding folder is created exactly there.

This error you have described can be the result of several possible issues and not be generic part of the system. So working nevertheless on a possible secure option to be activated at choice is not a bad decision.


6

Re: [Solution] DE session hosted tty in suspended error

On terms of video drivers, I exclusively tested video drivers (xenocara-video-dummy, xenocara-video-vesa, and xorg-video-fbdev) for booting into the DE session. So far, xenocara-video-ati is the only video driver that works. ATI / AMD is the default video hardware for the computer in question.

List of video drivers.
https://www.hyperbola.info/groups/i686/xenocara-video/

---

By request, I also tried removing all video drivers, startx, and reboot. I cannot boot into the DE session. If you have more requests regarding factors, I'll do what I can to help.

7

Re: [Solution] DE session hosted tty in suspended error

Again to underline: I have proposed a possible solution so we need therefore feedback on this. Please test the situation as described here: https://forums.hyperbola.info/viewtopic … 8567#p8567

Also a concrete hardware-listing is another point asked earlier in this thread: What hardware is exactly used in the corresponding system? When there is a graphicscard from AMD / ATI, you are correct when using the corresponding video-driver. But also to mention that every card from AMD / ATI is not compliant with a free, libre system. The reasoning here is that for 3D-acceleration those cards need a non-free firmware-blob foremost to make usage of all features. With some quirks and mitigations you have a graphical output, but no further 3D-support in any way. So especially cards from ATI / AMD are not freedom-friendly!


8

Re: [Solution] DE session hosted tty in suspended error

For a reported issue with "this needs to be resolved asap" there is not that much feedback: I have tested alone the issue and can report that the proposed solution is working without problems - here again to link the proposal: https://forums.hyperbola.info/viewtopic … 8567#p8567
Besides to note again: I have not seen the issue itself, so I only tested the proposal itself and if there is the environment as the x-server itself is behaving like to await.

The package xenocara-server will from now on include an example configuration for everyone to activate it when needed. If there is such an issue described within here, this can help.

Thread closed: Please respect that when an issue is reported with wordings like to quote ...

tty on this OS is a major vulnerability that needs to be taken care of asap.

... we immediately react and ask for further research. If there is not a helping hand, we will take action as said. We have neither the time to wait for feedback nor we are willing to debate several times and repeat needed information. Issue-tracking is not working alike this and claiming that there is a severe security-issue is a point to take action from all sides. Now after the research this is not that critical, but we nevertheless add options for more security.

Personal noted: Yes, everyone has not always time. But to await from us that we react and do something "asap" is something different, where we await also to help "asap" when we need information and ask for further research done together. That's how free, libre culture works!
