Date: Wed, 06 Dec 2006 13:11:16 -0500 From: Joe Marcus Clarke <marcus@FreeBSD.org> To: Pav Lucistnik <pav@oook.cz> Cc: FreeBSD Gnome <gnome@FreeBSD.org>, Tom McLaughlin <tmclaugh@sdf.lonestar.org> Subject: Re: For HAL users: [Fwd: FreeBSD Security Advisory FreeBSD-SA-06:25.kmem] Message-ID: <457707C4.1020003@FreeBSD.org> In-Reply-To: <1165427110.26350.33.camel@ikaros.oook.cz> References: <1165426804.2231.4.camel@localhost> <1165427110.26350.33.camel@ikaros.oook.cz>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Pav Lucistnik wrote: > Tom McLaughlin píše v st 06. 12. 2006 v 12:40 -0500: > >> This affects anyone with HAL setup properly according to our port's >> defaults and uses firewire. >> >> I like changing the default group to wheel since most Gnome users on >> Free will probably already be a part of wheel. I'll stop beating the >> dead horse now. ;) > > Wasn't this talked to death with the result, that wheel group must be > reserved for users capable of running 'su' *only* ? > > wheel _and_ operator are not going to work, but one or the other should be fine. However, hal is not the only GNOME component to use operator. While we do suggest that users that need to mount remote volumes be in the operator group, HAL itself is not vulnerable to this problem, and I don't think we need to change our operating procedure for something that will not be an issue moving forward. For administrators of shared systems, they can decide how best to proceed. They can either choose to patch the system, temporarily change the HAL group, or disable HAL altogether. For users of personal workstations, they will most likely not care. I do think that airing this on the mailing list is a good thing, though, as it will make users aware of the issue. Perhaps this also warrants an addition to the known issues list. Joe - -- Joe Marcus Clarke FreeBSD GNOME Team :: gnome@FreeBSD.org FreeNode / #freebsd-gnome http://www.FreeBSD.org/gnome -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFdwfDb2iPiv4Uz4cRAks5AKCQxlCgaxWO7JetoQ4M3cSZ11lCrwCfa1EY dpe7vR7AEWOQctJwU0y+Ans= =Wd3l -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?457707C4.1020003>