On 03-Apr-2001 David E.Fox wrote:
> I'm surprised no one has mentioned the permissions on the
> audio devices themselves. What, for instance, are the permissions
> on /dev/dsp? If it's set to (for example) -rw------ root audio then no
> wonder you can't use the device as a non-root user.
>
> You could circumvent the issue and just chmod 666 your audio
> device files (/dev/audio, /dev/sequencer, /dev/dsp etc.) if you don't
> expect someone telnetting in and sending stuff out your sound card in
> the middle of the night and waking you up :).
>
[snip]
If you didn't set them to 640
> (i.e.,
> -rw-rw--' then you wouldn't have been able to access them even if you
> did
> change the group info.
>
Well, we are all working with the setup mandrake gives us. I have a stock
LM 7.2 install and you will note below that Mandrake made the one user
(sundance) the owner of the "special" [audio] files (it might be worth
remembering that /dev or device files are special files, none of which are
executables per se.)
crw------- 1 sundance audio 14, 14 Sep 27 2000 admmidi0
crw------- 1 sundance audio 14, 30 Sep 27 2000 admmidi1
crw------- 1 sundance audio 14, 46 Sep 27 2000 admmidi2
crw------- 1 sundance audio 14, 62 Sep 27 2000 admmidi3
crw------- 1 sundance audio 14, 12 Sep 27 2000 adsp0
crw------- 1 sundance audio 14, 28 Sep 27 2000 adsp1
crw------- 1 sundance audio 14, 44 Sep 27 2000 adsp2
crw------- 1 sundance audio 14, 60 Sep 27 2000 adsp3
crw------- 1 sundance audio 116, 0 Sep 27 2000 aload0
crw------- 1 sundance audio 116, 32 Sep 27 2000 aload1
crw------- 1 sundance audio 116, 64 Sep 27 2000 aload2
crw------- 1 sundance audio 116, 96 Sep 27 2000 aload3
crw------- 1 sundance audio 116, 1 Sep 27 2000 aloadSEQ
crw------- 1 sundance audio 14, 13 Sep 27 2000 amidi0
crw------- 1 sundance audio 14, 29 Sep 27 2000 amidi1
crw------- 1 sundance audio 14, 45 Sep 27 2000 amidi2
crw------- 1 sundance audio 14, 61 Sep 27 2000 amidi3
crw------- 1 sundance audio 14, 4 Sep 27 2000 audio0
crw------- 1 sundance audio 14, 20 Sep 27 2000 audio1
crw------- 1 sundance audio 14, 36 Sep 27 2000 audio2
crw------- 1 sundance audio 14, 52 Sep 27 2000 audio3
crw------- 1 sundance audio 14, 7 Sep 27 2000 audioctl
The "c" indicates a character device: the whole thing is, first, a MAKEDEV
issue. Only after that does it become a chmod issue. But still, the "rw"
perm on the device is obviously sufficient for me (user==sundance) to have
full access to sound (since I own it) and is the way Mandrake
set things up. It's not quite clear whether the suggestion is that this
represents a potential remote security exploit, but if so, then that is
surely a mistaken suggestion. /dev files are all *special* files, and
none of them are directly executable AFAIK.
The thing with the above setup, all other things being equal, is that
adding a new user after the fact, say sundown, to the audio group would
likely be a "no joy" affair. Had I added several users during the LM
install, it seems like the owner would have been root, the group "audio",
all users put in the "audio" group, and the perms something like
crw-rw----. Does anybody else find it a bit odd the way Mandrake set this
up for the lone sundance user?
b5dave
---------
02-Apr-2001
23:16:37
---------
