With an attacker mindset, I wouldn't give users persistent access to the
disk group. udev creates disks in /dev with the disk group, and r+w
group permissions. So, if I want to screw around with the root
filesystem, I can now go indirectly via whichever /dev/<disk><part> has
the root fs and monkey with the bits on disk. This is now a continuously
open hole for those users granted into that group.
With sudo, practically speaking, most personal computers are single
owner, so the users already have it. And then there is an explicit
privilege escalation for the one task, and no persistence of unneeded
privilege.
I feel your developer is making the choice of convenience over security
and explicit/relatable action of the user.
On 2/17/20 4:42 PM, John Sellens via talk wrote:
The developer seems to be insisting on an answer, rather than
a need. The need is to allow easy writing when appropriate.
Consider a wrapper script that uses sudo to call the actual command.
And then set sudoers(5) to allow appropriate people to run the command
as root without a password.
That means that it's easy for the user, and access to the disk
devices is only provided through the (presumably) tested and
well-functioning command.
Remember: you can solve any problem in computer science with
another level of indirection.
I suspect that there's a way via udev or dbus to accomplish the
appropriate thing. But I'm not smart enough for that.
Hope that helps!
John
On Mon, 2020/02/17 04:28:52PM -0500, Stewart C. Russell via talk
<[email protected]> wrote:
| So I'm working with a developer making a simple cross-platform graphical
| program to write Raspberry Pi OS images to SD card. This is meant for
| beginners to use. The developer is adamant that their program doesn't need
| to run under 'sudo' but that every user should be added to the disk group
| instead.
|
| This means that every user can write directly to system disk devices at any
| time. The Debian-based systems I use don't add regular users to "disk". Is
| it reasonable/common for regular users to be set up this way?
|
| cheers
|
| Stewart $(export HAVE_ACCIDENTALLY_OVERWRITTEN_ROOT=1) Russell
|
| ---
| Post to this mailing list [email protected]
| Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
--
Scott Sullivan
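The wrapper-plus-sudoers(5) approach John describes, worked through as an added example. This is my own sketch for the list, not the developer's program or anything posted in the thread. It assumes a group named sdwriters, the install path /usr/local/sbin/write-sd-image, and that findmnt and runuser (both util-linux) are available; the sudoers line and install command are shown in comments. The point of running the checks as root inside the script is that only the script is in sudoers, not dd, so a user cannot skip the checks by calling the underlying command themselves.

```shell
#!/bin/sh
# write-sd-image: write a Raspberry Pi OS image to a whole SD-card device.
# Root privilege is confined to this one script instead of a standing
# "disk" group membership. Added example; assumed paths and group names.
#
# Assumed sudoers(5) entry (edit with visudo), granting only this script:
#   %sdwriters ALL=(root) NOPASSWD: /usr/local/sbin/write-sd-image
# Install root-owned and not writable by group/world, or the rule is worthless:
#   install -o root -g root -m 0755 write-sd-image /usr/local/sbin/
LC_ALL=C; export LC_ALL   # keep [a-z] meaning ASCII in the patterns below

# Accept only a whole-disk node of the kinds an SD reader presents
# (USB reader -> /dev/sdX, built-in reader -> /dev/mmcblkN). Partitions,
# relative paths and anything else are rejected.
device_name_ok() {
    case "$1" in
        /dev/sd[a-z]|/dev/sd[a-z][a-z]|/dev/mmcblk[0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# Is $1 the disk holding the root filesystem?  $2 is the source reported
# for "/" (e.g. /dev/sda2 or /dev/mmcblk0p2). A disk is the root disk if
# the root source is the disk itself or a partition on it.
# Caveat: root on LVM/LUKS reports /dev/mapper/..., which this does not
# resolve; use "lsblk -no pkname" on the root source for that case.
is_root_disk() {
    dev=$1; rootsrc=$2
    case "$rootsrc" in
        "$dev"|"$dev"[0-9]*|"$dev"p[0-9]*) return 0 ;;
        *) return 1 ;;
    esac
}

# Policy: a target is acceptable if it is a whole removable-style disk
# node and not the disk the system is running from.
target_ok() {
    device_name_ok "$1" || return 1
    is_root_disk "$1" "$2" && return 1
    return 0
}

usage() { echo "usage: write-sd-image IMAGE DEVICE" >&2; exit 2; }

main() {
    [ $# -eq 2 ] || usage
    image=$1; dev=$2
    # Re-invoke through sudo; the checks below then run as root and
    # cannot be bypassed, because dd itself is not in sudoers.
    if [ "$(id -u)" -ne 0 ]; then
        exec sudo -n /usr/local/sbin/write-sd-image "$image" "$dev"
    fi
    [ -f "$image" ] || { echo "no such image: $image" >&2; exit 1; }
    # Root reads the image, so make sure the invoking user could read it
    # too; otherwise this becomes a way to copy /etc/shadow onto a card.
    if [ -n "$SUDO_USER" ] && ! runuser -u "$SUDO_USER" -- test -r "$image"; then
        echo "image not readable by $SUDO_USER: $image" >&2; exit 1
    fi
    [ -b "$dev" ] || { echo "not a block device: $dev" >&2; exit 1; }
    rootsrc=$(findmnt -no SOURCE /)
    target_ok "$dev" "$rootsrc" || { echo "refusing to write to $dev" >&2; exit 1; }
    # Anything still mounted from the card would be corrupted underneath us.
    if grep -q "^$dev" /proc/mounts; then
        echo "$dev has mounted partitions; unmount first" >&2; exit 1
    fi
    dd if="$image" of="$dev" bs=4M conv=fsync status=progress
}

# Only act when installed under the expected name, so the functions can
# be sourced and exercised without touching any disk.
case "${0##*/}" in
    write-sd-image) main "$@" ;;
esac
```

Usage is just "write-sd-image 2020-02-13-raspbian-buster.img /dev/sdb" as a member of sdwriters; the script escalates itself, the root-side checks refuse partitions and the root disk, and nothing else on the machine gains raw disk access. Before deciding any of this is needed it is worth checking who already has the standing access the thread is worried about: "getent group disk" should list no ordinary users on a Debian-based system.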