Re: documentation on permissions for cdrom device -- where?

To: adam@onshore.com, Debian Developers <debian-devel@lists.debian.org>
Subject: Re: documentation on permissions for cdrom device -- where?
From: Kalle Olavi Niemitalo <tosi@ees2.oulu.fi>
Date: 01 Jan 1999 01:31:39 +0200
Message-id: <[🔎] 87yannanxg.fsf@PC486.Niemitalo.LAN>
In-reply-to: "Marcelo E. Magallon"'s message of Wed, 30 Dec 1998 11:41:11 -0600
References: <E0zvMzu-0005Yz-00@burrito.fake> <[🔎] 19981230114111.G1104@efis.ucr.ac.cr>

"Marcelo E. Magallon" <mmagallo@efis.ucr.ac.cr> writes:

>  The *proper* solution is to add audio to the CONSOLE_GROUPS in
>  /etc/login.defs; the problem with this is that the xdm gang doesn't
>  obey this (patch someone?). In this way, only the user at the console
>  has access to the audio devices (and the floppy, cdrom, scanner,
>  whatever)

This solution isn't very good either, since the user can create a
setgid program when she's at the console and run it later.  Or she can
leave a shell running in screen(1).  Or just leave a process holding
the device open.

The vcs* devices suffer from similar problems -- see bug #22191.

There was a story about "role-based security" in DDJ some years ago.
It explained how some (BSD?) kernel separated users in four security
levels according to where they were logging in from.  Each file had
two extra protection bits for the minimum level required to use it.
Something like that might be the real solution here.

Reply to:

Follow-Ups:
- Re: documentation on permissions for cdrom device -- where?
  - From: Wichert Akkerman <wakkerma@cs.leidenuniv.nl>

References:
- documentation on permissions for cdrom device -- where?
  - From: "Marcelo E. Magallon" <mmagallo@efis.ucr.ac.cr>

Prev by Date: Re: dpkg.log
Next by Date: Re: need someone to sign a key in MO or NE
Previous by thread: documentation on permissions for cdrom device -- where?
Next by thread: Re: documentation on permissions for cdrom device -- where?
Index(es):
- Date
- Thread