[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: DE features dependent on Systemd

>>>>> Vincent Bernat <bernat@debian.org> writes:
>>>>> ❦ 3 décembre 2014 13:55 +0100, Adam Borowski <kilobyte@angband.pl> :

[…]

 >>> This “adduser first-user audio” was already useless in squeeze and
 >>> it hasn’t changed.

 >> Only if you run logind or consolekit.  Without them (ie, on headless
 >> boxes or with classic-type WMs) you do need to access the devices
 >> which are mode 660 root:audio.

 > A classic-type WM can make use of logind to get the appropriate ACL
 > setup.

 > The problem with those groups is that they are not fine grained
 > enough.  For example, the video group gives access to the framebuffer
 > device (the user can do a screenshot) or to a webcam (the user can
 > spy another user).  By encouraging the use of those groups, we create
 > big security hole.

	Do these security considerations still apply to single-user,
	single-seat systems?

[…]

-- 
FSF associate member #7257  http://boycottsystemd.org/  … 3013 B6A0 230E 334A
Reply to: