
Re: SUDO




On Tue, Dec 04, 2007 at 09:10:45AM -0500, Douglas A. Tutty wrote:
> On Mon, Dec 03, 2007 at 11:47:54AM -0500, Michael Pobega wrote:
>  
> > Using sudo the way Jostein suggested is just as open to problems as
> > logging in as root is, and should be avoided at all costs. Sudo was made
> > to save the user from hassle, for example, to play Wesnoth I need to
> > have access to the SDL framebuffer, but since you need to have root
> > permissions to access it I granted myself permissions just to Wesnoth.
> > 
> > pobega	ALL=NOPASSWD: /usr/games/wesnoth
> > 
> > And aliased in my shell:
> > 
> > alias wesnoth	'sudo /usr/games/wesnoth'
> > 
> > So when I run `wesnoth`, the framebuffer is automagically started and
> > I'm granted root permissions just for this one operation.
> 
> However, then the whole game is being run with root privileges.  Is it
> audited for use by root; what else is that binary doing while you're
> gaming?  Sudo only limits what commands you can issue
> from the shell; it doesn't limit what those commands can do.  It would be
> better to do one of the following:
> 
> 	1.	Have a separate game machine that you can reload
> 		periodically.  It should have no public keys on it or
> 		any other sensitive info.  Use a non-gaming box for real
> 		work.
> 
> 	2.	Find an alternative to the SDL framebuffer.  Perhaps 
> 		there's a permissions thing that could give members of 
> 		a 'gaming' group or something access to the SDL.  Then 
> 		the game could run under that normal user.
> 
> 	3.	Choose a different game.
> 
> Note that I have sdl installed as dependencies of vlc.  However, I can
> play vlc as a normal user.  Perhaps it's a group thing.
> 
> Are you in the video group?
> 

Yes, I am. And I should have access to the framebuffer, but for some
reason it doesn't work with SDL; would CHMODing the file in /dev/ be
enough to grant me rw permissions to the fb?

-- 
If programmers deserve to be rewarded for creating innovative
programs, by the same token they deserve to be punished if they
restrict the use of these programs. 
 - Richard Stallman
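As an added example (not part of the thread or written by its participants), the script below illustrates the group-based alternative to running the game through sudo: it reports which permission class (owner, group or other) gives a user read and write access to a device node, and warns when the node is open to every local user. The uid/gid values in the sample call are constructed, and `stat -c` assumes GNU coreutils.

```sh
#!/bin/sh
# Added example. Which permission class gives a user read+write on a device
# node? The kernel checks exactly one class: owner bits if the uid matches,
# else group bits if any of the user's gids matches, else "other" bits.
# uid 0 bypasses these checks, which is what running a game via sudo buys.

# rw_class MODE FILE_UID FILE_GID USER_UID "USER_GIDS"
# Prints root|owner|group|other for the class that grants rw, or "none".
rw_class() {
    if [ "$4" = 0 ]; then echo root; return 0; fi
    m=$((0$1))                          # octal mode as printed by stat -c %a
    if [ "$4" = "$2" ]; then
        cls=owner; bits=$(( (m >> 6) & 7 ))
    else
        cls=other; bits=$(( m & 7 ))
        for g in $5; do
            if [ "$g" = "$3" ]; then
                cls=group; bits=$(( (m >> 3) & 7 )); break
            fi
        done
    fi
    if [ $(( bits & 6 )) -eq 6 ]; then echo "$cls"; else echo none; fi
}

# world_rw MODE: succeeds if the "other" bits give every local user rw.
world_rw() {
    [ $(( 0$1 & 6 )) -eq 6 ]
}

# check_node PATH: evaluate a real node for the calling user.
check_node() {
    st=$(stat -c '%a %u %g' "$1") || return 2
    set -- "$1" $st
    how=$(rw_class "$2" "$3" "$4" "$(id -u)" "$(id -G)")
    echo "$1 mode=$2 rw_via=$how"
    if world_rw "$2"; then
        echo "warning: $1 is read-write for every local user"
    fi
}

# Constructed sample: node owned by uid 0, gid 44, mode 0660;
# user uid 1000 with gids "1000 44". Prints "group".
rw_class 660 0 44 1000 "1000 44"
```

Run `check_node /dev/fb0` as the normal user to evaluate the real device; a result of `group` with no warning means the access comes from group membership alone.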


