Riny Qian wrote:
> 
> 
> Darren J Moffat wrote:
>> Casper.Dik at Sun.COM wrote:
>>
>>
>> Which I take to mean do not update /etc/logindevperm with
>> /dev/vt/# entries so that login on a VT doesn't get changes to
>> any of the devices.
>>
>> That at least means this project doesn't make things any worse
>> than they already are.
>>
> 
> Or maybe we can do it the same way as Linux does: only the first
> non-root logged in console user owns these devices. It seems fine
> since there's only one account that will really use these devices
> in most cases.

That seems reasonable though I don't like the special casing of root.

However that suggests a non trivial rewrite of how logindevperm
works today and still doesn't solve the allocate problem - yes this
project didn't create the allocate problem but if you use ACLs rather
than ownership change you are making it worse.

> Though, I'm inclined to give all console users permission to access
> these devices via ACL, which is a simple and effective solution.

NO this is a security hole worse than what already exists today which
is device stealing (stealing the microphone is a problem, stealing
the audio out will probably cause the current output to stop).

-- 
Darren J Moffat

Reply via email to