Re: sound executables permissions

[Philippe Troin <phil@fifi.org>]

On Mon, 27 Jan 1997, Philippe Troin wrote:

> Not at all... /etc/group is consulted during the login (with initgroups() if 
> I remember correctly)  to initialize the supplemental group list.
> We should just add some terminal-based supplemental groups when calling this 
> function, and not touch the /etc/group file.
> If I've got time, I'll try to hack this in /bin/login and in xdm.
> But I've already plenty of stuff to do :-(

nick@Feedback.com.ar said:
> I think that only allowed users (included in `audio' group) should be 
> given access to the audio. Other users should not get access to audio 
> even if they are at the console (what if they leave a process 
> recording everything when they leave?) 

maor@ece.utexas.edu said:
> Yes I agree.  If I get added to any group, what's stopping me from 
> creating a setgid shell in my home directory?  I can get access to 
> the group forever. 

I said I knew this was a security problem. But some other devices like the floppy drive (floppy group), or the raw cdrom access (to play audio CDs) could also benefit from it.
The idea behind this is to allow access to some devices from the console and forbid accidental manipulations when not logged on the console (or whatever device/tty combination).

Unfortunately, the Unix security scheme doesn't leave give us a good solution to this problem. Any other ideas here ?

Phil.



--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com