Re: sound executables permissions
On Mon, 27 Jan 1997, Riku Voipio wrote:
> I've been wondering a little about how to set audio permissions up.
> On my own machine, I've been using sound applications by simply
> chmod:ing /dev/audio and friend world usable.
> Is there any policy on how we should set up sound apps?
> Anyway, there exists a group called "audio", which owns the audio
> devices. I'm little confused by the permissions of *nix:ses, so I'm
> not sure on how to do things. All other audio apps are standard
> executables, but I'm not quite satisfied with that:
> Is there anything that would be lost, if we'd make sound executables
> owned by audio, and just ask mainters to put audio app users in group
> audio? Or going even far and making sound apps audio sgid? Afterall,
> is there anything bad a cracker could do in a audio sgid shell?
Yes - listen in on what's being said near the PC using /dev/dsp to read
from the microphone.
I have shadow-login put all users from the console into group audio. I
leave all audio-requiring executables as standard executables, and this is
probably generally a sane policy - after all, the audio apps (which could
output to a non-audio device) are not what's being controlled - the audio
devices are. Therefore, it makes sense to set the permissions for the
device files, not the apps.
Tom Lees <firstname.lastname@example.org> http://www.lpsg.demon.co.uk/
PGP ID 87D4D065, fingerprint 2A 66 86 9D 02 4D A6 1E B8 A2 17 9D 4F 9B 89 D6
finger email@example.com for full public key (also available on keyservers)
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com