KBDLOAD(1M) RISC/os Reference Manual KBDLOAD(1M)
NAME
kbdload - load or link kbd tables
SYNOPSIS
kbdload [-p] filename
kbdload -u table
kbdload {-L -l} string
DESCRIPTION
Tables included in the file filename are loaded into the
kbdstrm(7) module, which must already have been pushed into
the standard input Stream. (In this context loaded means
copied from a disk file into main memory within the operat-
ing system.) This program is intended both to provide for
loading and linking of both shared or public tables and
private tables implementing user-specific functionality. New
users should refer to kbdcomp(1M) and kbdstrm(7) for a gen-
eral description of the module's capabilities.
Files are searched for only by the name given on the command
line; no search path is implied. Tables loaded by the super
user with the -p option from an absolute path beginning at
/usr/lib/kbd are made publicly available and permanently
resident, otherwise the loaded tables are available only to
the caller, and are automatically unloaded when the kbdstrm
module is popped from the Stream.
The -u option can be used to unload private tables and by
the super-user to remove public tables. Tables may be
unloaded only if they are not currently in use. (Tables
which are members of composite tables always have non-zero
reference counts since they are "used" in the composite; all
composites which refer to them must be unloaded first.)
The -L and -l options are used for making composite tables
on-the-fly. The -L option, if executed by the super-user,
causes the composite to be made publicly available; it is
otherwise private and -L is equivalent to -l. The string
argument is constructed in the same manner as the link
statement (see kbdcomp(1M)) in the compiler. If any com-
ponent of the intended composite is not presently loaded in
memory or if a component of a public table is not also pub-
lic, an error message is printed and the linkage fails. More
than one composite may be created in a single invocation by
using either option sequentially.
Security Issues
Allowing users other than the super-user to load public
tables is a security risk and is thus disallowed. (In gen-
eral, any manipulation of a module instance by a user who is
Printed 11/19/92 Page 1
KBDLOAD(1M) RISC/os Reference Manual KBDLOAD(1M)
neither the super-user nor the user who originally pushed it
is allowed.) The library directory and all files contained
in it should be protected by being unwritable. Administra-
tors are encouraged to remember that the kbdstrm system can
be used to arbitrarily re-map the entire keyboard of a ter-
minal, as well as the entire output Stream; thus in
extremely hostile environments, it might be prudent to
remove execution permissions from kbdload for non-
administrative users (e.g., setting the owner to bin or root
and giving it a mode of 0500).
kbdload checks to insure that the real-uid of the invoker is
the same as the owner of both standard input and standard
output files, unless the real-uid of the invoking user is
the superuser. Paths to public tables are scrutinized for
legitimacy. kbdload refuses to work as a set-uid program.
BUGS
Composite tables may be unloaded while they are actually in
use without affecting current users, though new users may no
longer attach to it. This is because composite tables are
copied and expanded when they are attached in order to keep
state information related to the attaching user. The "origi-
nal" composite always has a zero reference count, and is
never itself attached. This is not strictly a bug, it's an
"anomaly"; the effect on the user is that a composite table
may be attached and functional, yet not appear in the output
of a kbdset(1) query.
FILES
/usr/lib/kbd directory containing system stan-
dard map files.
SEE ALSO
kbdcomp(1M), kbdstrm(7).
kbdset(1) in the RISC/os User's Reference Manual.
Page 2 Printed 11/19/92