Vulnerability Development mailing list archives
Re: Window manager - implementation bug/feature ???
From: timothy.miller () AFIWC01 AF MIL (Timothy J. Miller)
Date: Thu, 7 Oct 1999 11:07:17 -0500
Chris Wilson <cmw32 () CAM AC UK> writes:
This is normal behaviour under Red Hat *ONLY* when you log in physically to the machine (i.e. from the console). Red Hat assumes that normal users who are sitting in front of the machine will want to play CDs, use audio, etc. without having to become root. This increases security, because people don't need the root password to play CDs anymore. It doesn't happen if you log in remotely by telnet.
I would still call it broken behaviour. For instance, Debian uses group rw permissions to control access to floppy, audio, cdrom, modem, etc. devices; properly adding local users to the correct groups eliminates the need for privileged code. Special-casing local logons smacks of a bad hack.
Current thread:
- Re: Window manager - implementation bug/feature ??? Timothy J. Miller (Oct 07)
- <Possible follow-ups>
- Re: Window manager - implementation bug/feature ??? Mithun Bhattacharya (Oct 12)