>>>>> Vincent Bernat <ber...@debian.org> writes:
>>>>> ❦ 3 December 2014 16:47 GMT, Ivan Shmakov <i...@siamics.net> :

 >>> The problem with those groups is that they are not fine grained
 >>> enough.  For example, the video group gives access to the
 >>> framebuffer device (the user can do a screenshot) or to a webcam
 >>> (the user can spy on another user).  By encouraging the use of those
 >>> groups, we create a big security hole.

 >> Do these security considerations still apply to single-user,
 >> single-seat systems?

 > Yes.

Namely?

 > We don't "chmod -R a+rwx /" for a good reason.

That makes, like, an order of magnitude difference.

The former allows the machine’s owner access to audio devices
irrespective of /how/ he or she chooses to initiate such access.
(Say, I may decide to start ogg123(1) via at(1) to wake me up in
the morning.)

Using Logind there is akin to only allowing user access to $HOME
while being “physically” logged in.  (Or do we consider that a
valid restriction as well?)

On the contrary, the latter would allow for purely accidental
damage to the system, with no big obvious advantages I could
readily think of.

-- 
FSF associate member #7257  np. Satellite 15… The Final Frontier — Iron Maiden