Re: SUDO
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Tue, Dec 04, 2007 at 09:10:45AM -0500, Douglas A. Tutty wrote:
> On Mon, Dec 03, 2007 at 11:47:54AM -0500, Michael Pobega wrote:
>
> > Using sudo the way Jostein suggested is just as open to problems as
> > logging in as root is, and should be avoided at all costs. Sudo was made
> > to save the user from hassle, for example, to play Wesnoth I need to
> > have access to the SDL framebuffer, but since you need to have root
> > permissions to access it I granted myself permissions just to Wesnoth.
> >
> > pobega ALL=NOPASSWD /usr/games/wesnoth
> >
> > And aliased in my shell:
> >
> > alias wesnoth 'sudo /usr/games/wesnoth'
> >
> > So when I run `wesnoth`, the framebuffer is automagically started and
> > I'm granted root permissions just for this one operation.
>
> However, then the whole game is being run with root privleges. Is it
> audited for use by root; what else is that binary doing while you're
> gaming? Sudo only limits what commands you can issue
> from the shell; it does't limit what those commands can do. It would be
> better to do one of the following:
>
> 1. Have a separate game machine that you can reload
> periodically. It should have not public keys on it or
> any other sensitive info. Use a non-gaming box for real
> work.
>
> 2. Find an alternative to the SDL framebuffer. Perhaps
> there's a permissions thing that could give members of
> a 'gaming' group or something access to the SDL. Then
> the game could run under that normal user.
>
> 3. Choose a different game.
>
> Note that I have sdl installed as dependencies of vlc. However, I can
> play vlc as a normal user. Perhaps its a group thing.
>
> Are you in the video group?
>
Yes, I am. And I should have access to the framebuffer, but for some
reason it doesn't work with SDL; Would CHMODing the file in /dev/ be
enough to grant me rw permissions to the fb?
- --
If programmers deserve to be rewarded for creating innovative
programs, by the same token they deserve to be punished if they
restrict the use of these programs.
- Richard Stallman
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHVXiDg6qL2BGnx4QRAmkKAKCfLXp3mBm3u7NFO073lSuSmM5WkACfTHbf
lIUWBsVv/FatCO3v4w+63x0=
=NzKE
-----END PGP SIGNATURE-----
Reply to:
- References:
- SUDO
- From: Erik Jakobsen <erik_ja@mail.tele.dk>
- Re: SUDO
- From: Jostein Elvaker Haande <jehaande@gmail.com>
- Re: SUDO
- From: Dan H <dunno@stoptrick.com>
- Re: SUDO
- From: Michael Pobega <pobega@gmail.com>
- Re: SUDO
- From: "Douglas A. Tutty" <dtutty@porchlight.ca>