
Re: gdm/Gnome/KDE and device permissions

> First, there is no safe way to revoke privileges from a user. If a user
> gets access to a certain group he/she can arrange ways to keep it,
> even after being logged out (make a suid binary for example).

I admit that I don't know much about the internals of Unix/Linux.

So, if upon login of user "foo" ownership/permissions of /dev/audio are set to
crw------- 1 foo audio 14, 4 2006-09-22 13:25 /dev/audio
and after logout of "foo" and login of "bar" to
crw------- 1 bar audio 14, 4 2006-09-22 13:25 /dev/audio
"foo" might still be able to access /dev/audio?

> Second, several people can login at once on different VTs.

True, the general case is much more involved.

However, considering that the majority of desktops are single-headed,
it would be most useful to be able to install a package that sets up
the computer for this special case, such that people can work under
GNOME/KDE like they are used to from Windows or Mac OS. This includes
being able to access devices easily, but without being pried upon by
curious (but otherwise friendly and non-hacker) remote users.

> Why would you want to bring udev in the picture? If you think the scheme 
> used by pam_group (and similar) is secure enough for you, you can also grant 
> access to the plugdev, netdev and powerdev groups.

I don't want to grant access to groups but rather want to mimic
the behaviour of libpam-permdev that changes ownership/permissions
of the device to grant only access to the console user.

Maybe "udev" is the wrong term; with udev I mean the part of the
system that creates devices dynamically and thus knows when and
at which device e.g. a usb stick was plugged in, and can initiate
the action of changing the ownership/permissions.
I found a partial solution somewhere on the web working like that.

> Note that access control
> is not hard coded to plugdev in dbus, you can edit the files in /etc/udev
> to have more relaxed access control. Oh, on Debian you also need to change
> the permissions of p{u,}mount.
> Afaik, Fedora has pam_console or something like that, which does something
> like you suggest; give privileges to all users that log in at the console.
> Also dbus has some support for this, but this isn't compiled in the
> Debian version, because of the caveats I outlined above.

Thanks, I'll check it.

> FWIW, there has been some discussion and ideas floating
> around on the HAL and DBus lists. The current consensus is that we need
> a secure way for dbus/hal to know what is the current active virtual
> terminal and who owns it. For multi-head systems we need a way to
> specify that certain devices (think usb ports) belong to a certain
> display. 
> Nobody has had time to implement it yet however.

Good to know. So I'm not wasting time when constructing a (simple) solution
for my situation.
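
On the question above of whether "foo" might still reach /dev/audio after the ownership change: Unix checks permissions at open() time, so a descriptor opened before the change keeps working. The following is an added example, not part of the original message; it shows this on a constructed temp file standing in for the device and scans /proc for processes that still hold a path open. The names `holders` and `demo` are hypothetical, and a Linux /proc is assumed.

```python
import os
import stat
import tempfile

def _ident(st):
    # Character devices are identified by their device number, files by inode.
    if stat.S_ISCHR(st.st_mode):
        return ("chr", st.st_rdev)
    return ("ino", st.st_dev, st.st_ino)

def holders(path):
    """Return {pid: uid} for processes that have `path` open (Linux /proc scan)."""
    key = _ident(os.stat(path))
    found = {}
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            fds = os.listdir(f"/proc/{pid}/fd")
            # Owner of /proc/<pid>, normally the process's effective uid.
            uid = os.stat(f"/proc/{pid}").st_uid
        except OSError:
            continue  # process exited, or not ours to inspect (run as root to see all)
        for fd in fds:
            try:
                st = os.stat(f"/proc/{pid}/fd/{fd}")  # follows the link to the open file
            except OSError:
                continue
            if _ident(st) == key:
                found[int(pid)] = uid
                break
    return found

def demo():
    """Constructed stand-in for a device node: open a temp file, then lock it down."""
    fd, path = tempfile.mkstemp()
    try:
        os.write(fd, b"sample")
        os.chmod(path, 0)  # stands in for the logout-time permission change
        os.lseek(fd, 0, os.SEEK_SET)
        still_readable = os.read(fd, 6) == b"sample"  # the old descriptor still works
        return still_readable, os.getpid() in holders(path)
    finally:
        os.close(fd)
        os.unlink(path)

if __name__ == "__main__":
    print(demo())
```

A login hook that hands a device to the next console user could call `holders("/dev/audio")` first and compare the returned uids with the new owner before changing ownership.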

