
Re: gdm/Gnome/KDE and device permissions

On Wed, 11 Oct 2006 16:31:37 +0200
Gernot Salzer <salzer@logic.at> wrote:

> > First, there is no safe way to revoke privileges from a user. If a user
> > gets access to a certain group he/she can arrange ways to keep it,
> > even after being logged out (make a suid binary for example).
> I admit that I don't know much about the internals of Unix/Linux.
> So, if upon login of user "foo" ownership/permissions of /dev/audio are set to
> crw------- 1 foo audio 14, 4 2006-09-22 13:25 /dev/audio
> and after logout of "foo" and login of "bar" to
> crw------- 1 bar audio 14, 4 2006-09-22 13:25 /dev/audio
> "foo" might still be able to access /dev/audio ?

One problem is that a user can launch a daemon that keeps the device file
open before she logs out.
Also, I was referring to how pam_group works, but I find this way of
handling permissions even more broken than pam_group. For example,
what happens if somebody logs in on another VT?

> > Second, several people can login at once on different VTs.
> True, the general case is much more involved.
> However, considering that the majority of desktops is single-headed,

Ever tried ctrl-alt-fn or fast-user-switching?

> This includes to be able to access devices easily,
> but without being pried upon by curious (but otherwise friendly and
> non-hacker) remote users.

You may be right that there are lots of people that are the only user
on their systems and for them the objections I have are maybe not
important. But going with pam_group or libpam-permdev is broken by design
and is not the solution that is going to be the standard in Debian.

For these people the current setup probably works quite well anyway,
because (IIRC) pmount mounts read-only for the user. (If it doesn't you
can most probably set it up that way). And because everybody
is friendly anyway they won't 'cat garbage > /dev/dsp' ;)

> > Why would you want to bring udev in the picture? If you think the scheme 
> > used by pam_group (and similar) is secure enough for you, you can also grant 
> > access to the plugdev, netdev and powerdev groups.
> I don't want to grant access to groups but rather want to mimic
> the behaviour of libpam-permdev that changes ownership/permissions
> of the device to grant only access to the console user.
> Maybe "udev" is the wrong term; with udev I mean the part of the
> system that creates devices dynamically and thus knows when and
> at which device e.g. a usb stick was plugged in, and can initiate
> the action of changing the ownership/permissions.
> I found a partial solution somewhere on the web working like that.

You could probably make a udev rule that does that. But it seems a bit
fragile, and again has the same problems as the other methods.

grts Tim
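The point made in this thread (an already-open device file survives any later chown/chmod, so "revoking" access at logout does not end it) can be shown without root against a regular file standing in for /dev/audio; this is an added example, not code from the thread or from pam_group/libpam-permdev, and it assumes a Linux host for the /proc-based "who still holds the node open" check an admin would run before reassigning a device.

```python
import os
import tempfile

# Constructed stand-in for a device node: a regular file in a temp dir.
# Creating real device nodes needs root; the open-time permission logic
# being demonstrated is the same for both.

def holders_of(path):
    """Return the pids (that we are allowed to inspect) holding `path`
    open, by walking /proc/<pid>/fd the way lsof does. Empty on hosts
    without /proc."""
    target = os.path.realpath(path)
    holders = set()
    if not os.path.isdir("/proc"):
        return holders
    for pid in filter(str.isdigit, os.listdir("/proc")):
        fd_dir = f"/proc/{pid}/fd"
        try:
            fds = os.listdir(fd_dir)
        except OSError:          # someone else's process, or it exited
            continue
        for fd in fds:
            try:
                if os.readlink(os.path.join(fd_dir, fd)) == target:
                    holders.add(int(pid))
            except OSError:
                continue
    return holders

def demo_open_survives_revocation():
    """Simulate: a 'daemon' opens the node, then 'logout' strips every
    permission bit. Reports whether the old fd still reads, whether a
    fresh open is refused, and whether the holder check spots us."""
    workdir = tempfile.mkdtemp()
    node = os.path.join(workdir, "audio")
    with open(node, "wb") as f:
        f.write(b"constructed sample data")
    fd = os.open(node, os.O_RDONLY)   # opened while still permitted
    os.chmod(node, 0)                 # "revocation": nobody may open it now
    try:
        os.close(os.open(node, os.O_RDONLY))
        fresh_open_denied = False     # root (CAP_DAC_OVERRIDE) still gets in
    except PermissionError:
        fresh_open_denied = True
    holders = holders_of(node)        # the check to run before reassigning
    old_fd_still_reads = os.read(fd, 10) == b"constructe"
    os.close(fd)
    os.chmod(node, 0o600); os.unlink(node); os.rmdir(workdir)
    return {"old_fd_still_reads": old_fd_still_reads,
            "fresh_open_denied": fresh_open_denied,
            "self_is_holder": os.getpid() in holders,
            "proc_available": os.path.isdir("/proc"),
            "is_root": os.geteuid() == 0}

if __name__ == "__main__":
    print(demo_open_survives_revocation())
```

The old descriptor keeps working no matter what the mode bits say afterwards, which is exactly why a chown-at-login scheme cannot take access back from a background process.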
