On Thu, 31 Jan 2002, Geoffrey S. Mendelson wrote: > Tzafrir Cohen wrote: > > > Can't this be handled in terms of device file permissions? (create a > > group"mplayer" and either include yourself in it, or make the mplayer > > binary belong to it and SGID) > > It might be easier to set up a SUDO class for it.
[snip exact settings] sudo is good to prevent others from runinng the command with strange command-line parameters that might have caused it to freak out (and give away a root shell, in the worst case). However, a movie player still handles a lot of untrusted data from the internet (the movies), so sanythizing the command-line doesn't do much good. With sudo the program still runs as root. This certainly applies to a program whose sources are scattered all over the internet, and thus the chances increase that you have a problematic plug-in (or that you won't hear about a necessary upgrade to such a plug-in) (Yes, I realize that this whole post was in paranoid-mode) -- Tzafrir Cohen /"\ mailto:[EMAIL PROTECTED] \ / ASCII Ribbon Campaign Taub 229, 972-4-829-3942, X Against HTML Mail http://www.technion.ac.il/~tzafrir / \ ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
