On Tue, Mar 17, 2009 at 11:42:52AM +0100, Marco d'Itri wrote:
> On Mar 17, Stephen Gran <sg...@debian.org> wrote:

> > This is the thinkpad /dev/nvram stuff, right? I thought for some tpctl
> I think so.
> The rationale for this change is harmonization with all other
> distributions.

On its own, that's a fairly uninteresting rationale where system groups are
concerned.

> > utilities to work, you currently need to be in group nvram. Making that
> > equivalent to kmem seems unnecessarily broad to me.

> Users must not be in specific groups to access hardware, this is broken
> and insecure.

No, it's only broken if the users are added to the groups on login with the
assumption that the permissions can be removed at the end of the session.
It's certainly far *more* insecure to add users to the kmem group than to
the nvram group.

But I'm not aware of any reason that users need to access /dev/nvram,
generally. The only tool I know of that uses this interface is
hotkey-setup, which runs a daemon as root to handle polling the nvram state,
so the group permissions don't matter.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slanga...@ubuntu.com                                     vor...@debian.org