Le mercredi 07 octobre 2009 à 18:52 +0200, Marco d'Itri a écrit : > On Oct 07, Frederic Crozat <fcrozat@xxxxxxxxxxxx> wrote: > > > > - setgid programs like gammu for dialout : no action for users needed > > > but any user (even without console privilege) will gain access to those > > > devices > On Debian systems, pppd is suid root and only executable by group dip > (which historically controls the ability to dial out), while uucico is > sgid dialout but is in a directory not accessible by unpriviledged users. > cu and minicom do not have special permission. > If a program can output user-controllable strings to the console then > you can as well add the user to group dialout without a significant > security risk. I'm not sure I'm following you. For me, adding users to a group is really an option, since it isn't handled on the fly and I don't expect users to add them to a group to start using a graphical program. -- Frederic Crozat <fcrozat@xxxxxxxxxxxx> Mandriva -- To unsubscribe from this list: send the line "unsubscribe linux-hotplug" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
