Re: group nvram
On Wed, 18 Mar 2009, Marco d'Itri wrote:
> On Mar 18, Steve Langasek <vorlon@debian.org> wrote:
> > A peek at the source says it uses /proc/acpi/ibm/light.
> Other people told me that they believe that nowadays all modern
> thinkpads use a kernel driver.
A driver which I happen to be the maintainer of ;-)
The driver supports every real thinkpad made in the last ten years,
including the more common numbered series models still in use (770, 600,
570). Almost-thinkpads (like the thinkpad-sl and the i-series) are unlikely
to have a compatible nvram layout anyway, so they don't count.
I *do* know of people still using the model 240, and those cannot use the
ACPI-based driver at all. But these people usually do NOT run Debian,
either.
However, if you remove group nvram, please don't go with kmem. Go with
root. While PeeCee CMOS-style NVRAM writes can soft-brick a box (you
debrick it by clearing the nvram and redoing all your BIOS config), AFAIK
kmem access lets you install rootkits or read sensitive data like encryption
keys.
By using the root group for /dev/nvram, you avoid the trap of people adding
users to the kmem group without knowing the consequences.
--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh
Reply to: