[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: sound executables permissions

On Mon, 27 Jan 1997, Riku Voipio wrote:

>  I've been wondering a little about how to set audio permissions up.
> On my own machine, I've been using sound applications by simply 
> chmod:ing /dev/audio and friend world usable. 
> Is there any policy on how we should set up sound apps?
>  Anyway, there exists a group called "audio", which owns the audio
> devices. I'm little confused by the permissions of *nix:ses, so I'm
> not sure on how to do things. All other audio apps are standard 
> executables, but I'm not quite satisfied with that:
>  Is there anything that would be lost, if we'd make sound executables
> owned by audio, and just ask mainters to put audio app users in group 
> audio? Or going even far and making sound apps audio sgid? Afterall, 
> is there anything bad a cracker could do in a audio sgid shell?

Yes - listen in on what's being said near the PC using /dev/dsp to read
from the microphone.

I have shadow-login put all users from the console into group audio. I
leave all audio-requiring executables as standard executables, and this is
probably generally a sane policy - after all, the audio apps (which could
output to a non-audio device) are not what's being controlled - the audio
devices are. Therefore, it makes sense to set the permissions for the
device files, not the apps.

Tom Lees <tom@lpsg.demon.co.uk>			http://www.lpsg.demon.co.uk/
PGP ID 87D4D065, fingerprint 2A 66 86 9D 02 4D A6 1E  B8 A2 17 9D 4F 9B 89 D6
finger tom@master.debian.org for full public key (also available on keyservers)

TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com

Reply to: