[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]


Hash: SHA1

On Tue, Dec 04, 2007 at 09:10:45AM -0500, Douglas A. Tutty wrote:
> On Mon, Dec 03, 2007 at 11:47:54AM -0500, Michael Pobega wrote:
> > Using sudo the way Jostein suggested is just as open to problems as
> > logging in as root is, and should be avoided at all costs. Sudo was made
> > to save the user from hassle, for example, to play Wesnoth I need to
> > have access to the SDL framebuffer, but since you need to have root
> > permissions to access it I granted myself permissions just to Wesnoth.
> > 
> > pobega	ALL=NOPASSWD	/usr/games/wesnoth
> > 
> > And aliased in my shell:
> > 
> > alias wesnoth	'sudo /usr/games/wesnoth'
> > 
> > So when I run `wesnoth`, the framebuffer is automagically started and
> > I'm granted root permissions just for this one operation.
> However, then the whole game is being run with root privleges.  Is it
> audited for use by root; what else is that binary doing while you're
> gaming?  Sudo only limits what commands you can issue
> from the shell; it does't limit what those commands can do.  It would be
> better to do one of the following:
> 	1.	Have a separate game machine that you can reload
> 		periodically.  It should have not public keys on it or
> 		any other sensitive info.  Use a non-gaming box for real
> 		work.
> 	2.	Find an alternative to the SDL framebuffer.  Perhaps 
> 		there's a permissions thing that could give members of 
> 		a 'gaming' group or something access to the SDL.  Then 
> 		the game could run under that normal user.
> 	3.	Choose a different game.
> Note that I have sdl installed as dependencies of vlc.  However, I can
> play vlc as a normal user.  Perhaps its a group thing.
> Are you in the video group?

Yes, I am. And I should have access to the framebuffer, but for some
reason it doesn't work with SDL; Would CHMODing the file in /dev/ be
enough to grant me rw permissions to the fb?

- -- 
If programmers deserve to be rewarded for creating innovative
programs, by the same token they deserve to be punished if they
restrict the use of these programs. 
 - Richard Stallman
Version: GnuPG v1.4.6 (GNU/Linux)


Reply to: