[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: group nvram

Stephen Gran <sgran@debian.org> writes:

>> Users must not be in specific groups to access hardware, this is broken
>> and insecure.
> That's the first I've heard that argument - of course you don't give
> untrusted users access to hardware, but we've always managed access to
> devices with group membership (lp, dialout, etc).  Are you proposing
> that should change?

Well, since lp and dialout access cannot render your machine unbootable,
this is indeed possible with nvram, since you can overwrite critical
parts of your bios with it. Think of an malicious or buggy program
running under your user account doing nasty things.

Reinhard Tartler, KeyID 945348A4

Reply to: