On Sun, Apr 08, 2012 at 08:51:02PM -0500, Bruce Dubbs wrote: > Wayne Blaszczyk wrote: > > On 09/04/12 02:25, Bruce Dubbs wrote: > > >> I do understand that some will be more comfortable with the tighter > >> permissions just on principle, but I'm trying to understand why rw > >> access to /dev/dri/card0 for a 'guest' user would be a problem. > > > I'm not an expert hacker, so I would know how, but I could just imaging > > there being an exploit of sending the right combination of bytes to say > > hang the video driver. > > > Just me being paranoid. > > I understand what you are saying, but there are a lot of other cases. > Virtually all tty interfaces are 666. Also rtc and, in my case, > nividia0 and nvidiactl. It's curious that console is 622. > > Again, I have no problems with using the video group. I was just > suggesting a possible alternative. > > -- Bruce
Wayne has described the situation nicely - why open yourself to a possible exploit ? Looking at -my- /dev/tty*, on LFS-7.1 /dev/tty is 666, but nothing else. The /dev/ttyN are 620 (tty0) or 600, /dev/ttyNN are 620, /dev/ttyXN are 660. For me, /dev/rtc is 644. I've never run nvidia binary drivers (I suspect they breach the kernel's licensing, and anyway the only nvidia card I had was on a ppc64 mac which they don't support), and I certainly wouldn't hold them up as paragons of how things ought to be. For me, /dev/console is 600. Have you done something weird to change your permissions ? ĸen -- das eine Mal als Tragödie, das andere Mal als Farce -- http://linuxfromscratch.org/mailman/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
