Riny Qian wrote:
>
> Darren J Moffat wrote:
>> Casper.Dik at Sun.COM wrote:
>>
>> Which I take to mean do not update /etc/logindevperm with
>> /dev/vt/# entries so that login on a VT doesn't get changes to
>> any of the devices.
>>
>> That at least means this project doesn't make things any worse
>> than they already are.
>>
>
> Or maybe we can do it the same way as Linux does: only the first
> non-root logged in console user owns these devices. It seems fine
> since there's only one account that will really use these devices
> in most cases.

That seems reasonable though I don't like the special casing of root.
However that suggests a non trivial rewrite of how logindevperm works
today and still doesn't solve the allocate problem - yes this project
didn't create the allocate problem but if you use ACLs rather than
ownership change you are making it worse.

> Though, I'm inclined to give all console users permission to access
> these devices via ACL, which is a simple and effective solution.

NO this is a security hole worse than what already exists today which
is device stealing (stealing the microphone is a problem, stealing the
audio out will probably cause the current output to stop).

--
Darren J Moffat