Ken Moffat wrote:
> On Sun, Apr 08, 2012 at 08:51:02PM -0500, Bruce Dubbs wrote:
>> Wayne Blaszczyk wrote:
>>> On 09/04/12 02:25, Bruce Dubbs wrote:
>>>> I do understand that some will be more comfortable with the tighter
>>>> permissions just on principle, but I'm trying to understand why rw
>>>> access to /dev/dri/card0 for a 'guest' user would be a problem.
>>> I'm not an expert hacker, so I would know how, but I could just imagine
>>> there being an exploit of sending the right combination of bytes to say
>>> hang the video driver.
>>> Just me being paranoid.
>> I understand what you are saying, but there are a lot of other cases.
>> Virtually all tty interfaces are 666. Also rtc and, in my case,
>> nvidia0 and nvidiactl. It's curious that console is 622.
>>
>> Again, I have no problems with using the video group. I was just
>> suggesting a possible alternative.
> Wayne has described the situation nicely - why open yourself to a
> possible exploit?
>
> Looking at -my- /dev/tty*, on LFS-7.1 /dev/tty is 666, but nothing
> else. The /dev/ttyN are 620 (tty0) or 600, /dev/ttyNN are 620,
> /dev/ttyXN are 660. For me, /dev/rtc is 644. I've never run nvidia
> binary drivers (I suspect they breach the kernel's licensing, and
> anyway the only nvidia card I had was on a ppc64 mac which they
> don't support), and I certainly wouldn't hold them up as paragons of
> how things ought to be.
>
> For me, /dev/console is 600. Have you done something weird to
> change your permissions?

Never mind. I'm rambling. The permissions were from an old system. On the current system I only have write permissions to other on full, log (a socket), null, ptmx, random, tty, urandom, and zero.

-- Bruce
