[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: group nvram

This one time, at band camp, Marco d'Itri said:
> On Mar 17, Stephen Gran <sgran@debian.org> wrote:
> > This is the thinkpad /dev/nvram stuff, right?  I thought for some tpctl
> > utilities to work, you currently need to be in group nvram.  Making that
> > equivalent to kmem seems unnecessarily broad to me.
> Users must not be in specific groups to access hardware, this is broken
> and insecure.

That's the first I've heard that argument - of course you don't give
untrusted users access to hardware, but we've always managed access to
devices with group membership (lp, dialout, etc).  Are you proposing
that should change?

|   ,''`.                                            Stephen Gran |
|  : :' :                                        sgran@debian.org |
|  `. `'                        Debian user, admin, and developer |
|    `-                                     http://www.debian.org |

Attachment: signature.asc
Description: Digital signature

Reply to: