On Jo, 16 oct 14, 07:31:56, Joel Rees wrote: > 2014/10/16 5:59 "Andrei POPESCU" <andreimpopescu@gmail.com>: > > > > The problem with this approach is that it's not fine-grained enough, > > i.e. it can't distinguish between users logged in locally or via ssh. > > This means Mallory could easily spy on Alice remotely, just by being a > > member of 'audio' and 'video'. > > Two thoughts that this problem brings to mind -- > > (1) Why should it matter? Local? Remote? A hole is a hole. It doesn't. Mallory could as well just set up a program to record from the audio/video devices. > (1.5) How does ssh deal with making connections private? Any clues there? I don't know what you mean by this. > (2) There are times when I don't want to have to be logged in as an admin > user to be able to make an ephemeral group. I've understood that for ten > years. When am I going to make the time to construct the package to manage > it within the standard unix permissions model? Same here. Kind regards, Andrei -- http://wiki.debian.org/FAQsFromDebianUser Offtopic discussions among Debian users and developers: http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic http://nuvreauspam.ro/gpg-transition.txt
Attachment:
signature.asc
Description: Digital signature