Re: group nvram

To: debian-devel@lists.debian.org
Subject: Re: group nvram
From: Reinhard Tartler <siretart@debian.org>
Date: Wed, 18 Mar 2009 08:33:52 +0100
Message-id: <[🔎] 873adbcmjj.fsf@faui44a.informatik.uni-erlangen.de>
References: <[🔎] 20090317013937.GA2973@bongo.bofh.it> <[🔎] 200903171130.35891.holger@layer-acht.org> <[🔎] 20090317013937.GA2973@bongo.bofh.it> <[🔎] 20090317085638.GA30653@www.lobefin.net> <[🔎] 20090317104252.GA4973@bongo.bofh.it> <[🔎] 20090317111535.GB10537@www.lobefin.net>

Stephen Gran <sgran@debian.org> writes:

>> Users must not be in specific groups to access hardware, this is broken
>> and insecure.
>
> That's the first I've heard that argument - of course you don't give
> untrusted users access to hardware, but we've always managed access to
> devices with group membership (lp, dialout, etc).  Are you proposing
> that should change?

Well, since lp and dialout access cannot render your machine unbootable,
this is indeed possible with nvram, since you can overwrite critical
parts of your bios with it. Think of an malicious or buggy program
running under your user account doing nasty things.

-- 
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4

Reply to:

References:
- group nvram
  - From: md@Linux.IT (Marco d'Itri)
- Re: group nvram
  - From: Holger Levsen <holger@layer-acht.org>
- Re: group nvram
  - From: Stephen Gran <sgran@debian.org>
- Re: group nvram
  - From: md@Linux.IT (Marco d'Itri)
- Re: group nvram
  - From: Stephen Gran <sgran@debian.org>

Prev by Date: Re: DEP-4: The TDeb specification.
Next by Date: Re: Bug#466550: Pristine source from upstream VCS repository
Previous by thread: Re: group nvram
Next by thread: Re: group nvram
Index(es):
- Date
- Thread