
Re: sound executables permissions



On Mon, 27 Jan 1997 21:18:22 +0200 Riku Voipio (neurochp@nowhere.net) 
wrote:

>  I've been wondering a little about how to set audio permissions up.
> On my own machine, I've been using sound applications by simply 
> chmod:ing /dev/audio and friends world usable. 
> 
> Is there any policy on how we should set up sound apps?

There is no special policy so far.

>  Anyway, there exists a group called "audio", which owns the audio
> devices. I'm a little confused by the permissions of *nix:ses, so I'm
> not sure on how to do things. All other audio apps are standard 
> executables, but I'm not quite satisfied with that:
> 
>  Is there anything that would be lost, if we'd make sound executables
> owned by audio, and just ask maintainers to put audio app users in group 
> audio? Or going even further and making sound apps audio sgid? After all, 
> is there anything bad a cracker could do in an audio sgid shell?

Probably nothing.
There's a group audio because some people consider it annoying that another person can play a sound file remotely when they're in front of their screen (don't tell me you've never done this!).
Depending on your local policy, you can:
 - make the audio device world-writable/readable, enabling anyone to play sound.
 - add the persons who are supposed to log on the console to the group audio.

But what would IMHO be a better thing would be to add a person to the audio group when they log on the console or with xdm. There should be a /etc/logingroups file or whatever, which should say what supplementary groups one should get when logged on a device.

I know that Sun and HP use a /etc/logindevperm which chowns some devices depending on which terminal was used for login, but I don't like this because in Linux, several persons can be logged on the console at the same time.

But this is more ``secure'' than my proposed approach (because once you get the supplemental group, you can create a setgid shell to keep this group).

What do you think about implementing this in Debian?

Phil.
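
An added example, not part of the original message: an audit for the caveat raised above, that a user who once held the audio group can keep it through a setgid file. It reports which of the two policies a device node's mode implements and lists setgid-audio executables under given directories; the function names and the default scan roots are assumptions made for this sketch.

```python
import os
import stat
import sys

def device_policy(mode, gid, audio_gid):
    """Which of the thread's policies a device node's mode/group implements."""
    if mode & 0o006:
        return "world"        # anyone, including remote logins, can use it
    if gid == audio_gid and mode & 0o060:
        return "group"        # only members of the audio group
    return "restricted"

def keeps_group(mode, gid, audio_gid):
    """True for a regular file that executes with the audio group.

    On Linux the setgid bit only takes effect at exec time when the
    group-execute bit is set as well, so both bits are required here.
    """
    return (stat.S_ISREG(mode) and gid == audio_gid
            and bool(mode & stat.S_ISGID) and bool(mode & stat.S_IXGRP))

def find_keepers(root, audio_gid):
    """Walk root without following symlinks; return setgid-audio executables."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue      # vanished or unreadable entry: skip it
            if keeps_group(st.st_mode, st.st_gid, audio_gid):
                hits.append(path)
    return sorted(hits)

if __name__ == "__main__":
    import grp
    audio_gid = grp.getgrnam("audio").gr_gid      # assumes the group exists
    st = os.lstat("/dev/audio")                   # device named in the thread
    print("/dev/audio:", device_policy(st.st_mode, st.st_gid, audio_gid))
    for root in sys.argv[1:] or ["/home", "/tmp"]:  # assumed default roots
        for path in find_keepers(root, audio_gid):
            print("setgid audio:", path)
```

Files the scan reports that do not belong to an installed package are the leftovers worth reviewing when membership in the group is meant to last only for a console session.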




--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com

