>>>>> Vincent Bernat <ber...@debian.org> writes:
>>>>> ❦ 3 décembre 2014 13:55 +0100, Adam Borowski <kilob...@angband.pl> :
[…]
>>> This “adduser first-user audio” was already useless in squeeze and
>>> it hasn’t changed.
>> Only if you run logind or consolekit. Without them (ie, on headless
>> boxes or with classic-type WMs) you do need to access the devices
>> which are mode 660 root:audio.
> A classic-type WM can make use of logind to get the appropriate ACL
> setup.
> The problem with those groups is that they are not fine grained
> enough. For example, the video group gives access to the framebuffer
> device (the user can do a screenshot) or to a webcam (the user can
> spy another user). By encouraging the use of those groups, we create
> big security hole.
Do these security considerations still apply to single-user,
single-seat systems?
[…]
--
FSF associate member #7257 http://boycottsystemd.org/ … 3013 B6A0 230E 334A
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/878uioptmy....@violet.siamics.net
