> Assuming /dev/pmu is user writable by default is clearly incorrect. > gnome-settings-daemon should run suid root, or fix /dev/pmu permissions at > install time. Or use fblevel (suid root) to manipulate backlight. IMHO > world writeable /dev/pmu constitutes too high a risk to consider the > second option. Having gnome-settings-daemon run suid root might even be > worse; use sgid and a special group perhaps? > > Please report this bug upstream (to the Gnome maintainers, or the Gnome > team).
World writeable /dev/pmu isn't that bad. sleep is controlled by CAP_SYS_ADMIN anyway, so you can only "listen" to PMU events and control the backlight. So the worst thing a malign user can do is switch your backlight off ... Unlike /dev/adb which allows to send PMU commands :) I know it's not very consistent, most of that is historical stuff and needs to be reworked. Help welcome :) Ben.
