[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: changing framebuffer device owner during login



Previously Jochen Voss wrote:
> 1) "pam_console" seems not to be packed for debian.  Maybe it is
> RedHat specific?  Is there any way to change the owner of den
> frambuffer devices for console logins, using our current PAM
> implementation?  And, if possible, shouldn't this be done by default?

It is RedHat specific, and it is also a security problem as long as
the kernel does not implement the revoke systemcall.

> 2) A group "video" does exist in my "/etc/group" file,
> but the framebuffer device permissions are
> 
>     crw--w--w-    1 root     tty       29,   0 May  5  2000 /dev/fb0
> 
> Maybe this should be mode "660" and group "video"?

No, group video is for video-capture devices.

Wichert.

-- 
  _________________________________________________________________
 /       Nothing is fool-proof to a sufficiently talented fool     \
| wichert@wiggy.net                   http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0  2805 3CB8 9250 2FA3 BC2D |



Reply to: