Bug#766520: Allow unlimited access to the device to any user
On Thu, Oct 23, 2014 at 08:45:03PM +0200, Vincent Bernat wrote: File: /lib/udev/rules.d/60-garmin-plugin.rules The package installs an udev rule granting access to the device to any user. Any user with an account on the machine can then do whatever they want with the device. I suggest to use this udev rule instead: ATTRS{idVendor}==091e, ATTRS{idProduct}==0003, MODE=0660, GROUP=plugdev, TAG+=uaccess FR220/620 have ProductID 2660. How about removing ATTRS{idProduct} to apply all 091e Garmin International devices? Or adding a 2660 line. Only users in the plugdev group or users located physically in front of the machine will be able to access the device. There is a similar udev rule in the garmin-frontrunner-tools package (but it doesn't do anything). [CURRENT] $ cat /lib/udev/rules.d/60-garmin-forerunner-tools.rules ATTRS{idVendor}==091e, ATTRS{idProduct}==0003, GROUP=plugdev Given garmin-plugin depends on garmin-forerunner-tools, better fixing g-f-tools rule than adding another one, isn't it? [PROPOSED] $ cat /lib/udev/rules.d/60-garmin-forerunner-tools.rules ATTRS{idVendor}==091e, MODE=0660, GROUP=plugdev, TAG+=uaccess Thanks for considering. -- G..e -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#766520: Allow unlimited access to the device to any user
Package: garmin-plugin Version: 0.3.23-1+b1 Severity: normal File: /lib/udev/rules.d/60-garmin-plugin.rules Tags: security patch -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi! The package installs an udev rule granting access to the device to any user. Any user with an account on the machine can then do whatever they want with the device. I suggest to use this udev rule instead: ATTRS{idVendor}==091e, ATTRS{idProduct}==0003, MODE=0660, GROUP=plugdev, TAG+=uaccess Only users in the plugdev group or users located physically in front of the machine will be able to access the device. There is a similar udev rule in the garmin-frontrunner-tools package (but it doesn't do anything). - -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable'), (101, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16-3-amd64 (SMP w/4 CPU cores) Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages garmin-plugin depends on: ii garmin-forerunner-tools 0.10repacked-5 ii iceweasel31.2.0esr-2 ii libc62.19-12 ii libgcc1 1:4.9.1-18 ii libgcrypt20 1.6.2-4 ii libstdc++6 4.9.1-18 ii libtinyxml2.6.2 2.6.2-2 ii libusb-0.1-4 2:0.1.12-25 ii zlib1g 1:1.2.8.dfsg-2 garmin-plugin recommends no packages. garmin-plugin suggests no packages. - -- no debconf information -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBCAAGBQJUSUyoAAoJEJWkL+g1NSX5cEUP/i2HeJOzmf7Xo2CkKnhPpHl1 FAqBsKHwCg7Lap34rMMQCzkOfdOemmQxPDzfJvdyhxcydPpNOT8+/wZ73TA5fDPI uSy1CtQKAIA7oeznqVC14wMaMT+VeFPo44TVc3/EbSoR9nfiCpNZuEPmj1uuI+eJ uCz97b1ivNp3qL9bA9XlcSFHx5HJOV01eyha+/O3gzHRl7U+GuMhJOMUbXXFtWWG sjnSnEFZk+0xEb7BTvyHQBX5QHHEm/07t8Wqp0LtAefCwV+1ALiFkgpZwIpw1fJp YVLsvnhDab5lW2MpAeLV+xkUSejlKaFbcWGRpIl9yQXejiWiXSXE+PYiTb4UdqTt qVe24GHzjb2nBbrLBOXvuNVAnxFkZV+veR/cr1Bk+NaF4GV2zN6if0d36+oKbgaz TaQ+0vRmOKnEAVJBGy+vYy1J2/CGnMaFLHu17JXP8chtrA14XHM8nqLnCpjanzqX vklJ59sM57aWSy/11T+Im3NirMT3RbVChXzLrbPh9w33hFOmOWgzumexMUsuGGRo xRZDtPQmxnI7ovOiOyA8T75UMR7zLZnT9gS2d7vHhjvLDTblYFgICHYYl039k2LU qZYSacy6NbitNCxiHw0NAbhrKwbD7bU7i7hduOJE1LoA5UaeaqDowjqIyn40mIma kxo395pmU75CEmipW5CG =t+XP -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org