
Re: SUDO



On Mon, Dec 03, 2007 at 11:47:54AM -0500, Michael Pobega wrote:
 
> Using sudo the way Jostein suggested is just as open to problems as
> logging in as root is, and should be avoided at all costs. Sudo was made
> to save the user from hassle, for example, to play Wesnoth I need to
> have access to the SDL framebuffer, but since you need to have root
> permissions to access it I granted myself permissions just to Wesnoth.
> 
> pobega	ALL=NOPASSWD:	/usr/games/wesnoth
> 
> And aliased in my shell:
> 
> alias wesnoth	'sudo /usr/games/wesnoth'
> 
> So when I run `wesnoth`, the framebuffer is automagically started and
> I'm granted root permissions just for this one operation.

However, then the whole game is being run with root privileges.  Is it
audited for use by root; what else is that binary doing while you're
gaming?  Sudo only limits what commands you can issue
from the shell; it doesn't limit what those commands can do.  It would be
better to do one of the following:

	1.	Have a separate game machine that you can reload
		periodically.  It should have no public keys on it or
		any other sensitive info.  Use a non-gaming box for real
		work.

	2.	Find an alternative to the SDL framebuffer.  Perhaps 
		there's a permissions thing that could give members of 
		a 'gaming' group or something access to the SDL.  Then 
		the game could run under that normal user.

	3.	Choose a different game.

Note that I have sdl installed as dependencies of vlc.  However, I can
play vlc as a normal user.  Perhaps it's a group thing.

Are you in the video group?

Doug.
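
The group-based alternative raised above (option 2 and the video group question), as an added example that is not part of the original message: a shell check for whether a device node is usable through group membership, so that no sudoers entry is needed for the program that opens it. It assumes GNU `stat` and `id`; the function names and the `/dev/fb0` path in the usage comment are assumptions, not taken from the thread.

```shell
#!/bin/sh
# Added example (assumes GNU stat/id). Usage: sh check.sh /dev/fb0 [user]
# /dev/fb0 is an assumed device path; substitute the node the program opens.

# group_grants_rw DEVICE: succeeds if the node's mode gives its group r and w.
group_grants_rw() {
    mode=$(stat -c '%a' "$1") || return 2
    # Octal mode, e.g. 660: shift out the "other" digit, test the r+w bits.
    [ $(( (0$mode >> 3) & 6 )) -eq 6 ]
}

# user_in_gid USER GID: succeeds if USER (empty = current process) has GID.
user_in_gid() {
    for g in $(id -G ${1:+"$1"}); do
        [ "$g" = "$2" ] && return 0
    done
    return 1
}

# check_device_access DEVICE USER
# returns 0: usable via group membership, no root needed
#         1: group has access but USER is not a member
#         2: group has no read/write on the node
#         3: node cannot be inspected
check_device_access() {
    dev=$1
    user=$2
    gid=$(stat -c '%g' "$dev") || return 3
    if ! group_grants_rw "$dev"; then
        echo "$dev: group $gid lacks read/write; change the device permissions, not sudoers"
        return 2
    fi
    if user_in_gid "$user" "$gid"; then
        echo "$dev: reachable through group $gid; run the program unprivileged"
        return 0
    fi
    echo "$dev: add the user to group $gid instead of granting sudo"
    return 1
}

# Only run when a device path is given on the command line.
if [ "$#" -gt 0 ]; then
    check_device_access "$1" "${2:-}"
fi
```

Result 1 means a group change is enough; any sudoers rule for that program can then be dropped.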


