From owner-freebsd-bugs Mon May 15 18:33:28 1995 Return-Path: bugs-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id SAA24172 for bugs-outgoing; Mon, 15 May 1995 18:33:28 -0700 Received: from skynet.ctr.columbia.edu (skynet.ctr.columbia.edu [128.59.64.70]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id SAA24162 for ; Mon, 15 May 1995 18:33:24 -0700 Received: (from wpaul@localhost) by skynet.ctr.columbia.edu (8.6.8/8.6.6) id UAA03481; Mon, 15 May 1995 20:30:11 -0400 Date: Mon, 15 May 1995 20:30:11 -0400 From: "House of Debuggin'" Message-Id: <199505160030.UAA03481@skynet.ctr.columbia.edu> To: pst@Shockwave.COM Subject: Re: misc/423: security of sound devices Cc: freebsd-bugs@FreeBSD.org Sender: bugs-owner@FreeBSD.org Precedence: bulk >>Number: 423 >>Category: misc >>Synopsis: Sound devices are too insecure [console user should own the audio devices] The only bug here is (I think) a lack of documentation. /usr/bin/login already has support for /etc/fbtab and /etc/logindevperm (whichever name you please) that let you define permissions and ownerships for frame buffer and sound devices that take effect when a user logs in on the console. /etc/fbtab is the file used in SunOS 4.1.x. Solaris 2.x uses /etc/logindevperm. If you look at /usr/src/usr.bin/login/login_fbtab.c you'll see the comments that describe what's supposed to happen. Those comments should probably be made into a man page, and a default /etc/fbtab file should probably be added to the distribution so people will have some idea that this feature exists. -Bill ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~T~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Bill Paul (212) 854-6020 | System Manager Work: wpaul@ctr.columbia.edu | Center for Telecommunications Research Home: wpaul@skynet.ctr.columbia.edu | Columbia University, New York City ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The Møøse Illuminati: ignore it and be confused, or join it and be confusing! ~~~~~~ "Welcome to All Things BSDish! If it's not BSDish, it's crap!" ~~~~~~~ >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-bugs (FreeBSD bugs mailing list) >State: open >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon May 15 12:20:00 1995 >Originator: Paul Traina >Organization: Shockwave Engineering >Release: FreeBSD BUILT-19950426 i386 >Environment: FreeBSD *.* with sound driver support added. >Description: We currently set the permissions on these devices wide open, as it's easy to get unprivileged programs to work with them. Unfortunately, it also means I can bug your room if I can rsh to your machine, or better yet, make farting noises on your speakers. >How-To-Repeat: cat farting-noise.au | rsh time.cdrom.com "cat >/dev/audio" rsh time.cdrom.com "cat /dev/audio >Fix: I thought about creating a new group to own the devices, following the dialer convention for modem devices, but then everything would have to be setgid, and in point of fact, this is the wrong model. The right model is to do the same thing that we do with /dev/console. If you're logged in at the console (or local X server), you own the sound devices. When you logout, they should go back to root.sound ownership, with no world access. Whomever owns the console should also own the sound devices. I think this should be implemented by changing the protections of the sound devices at the same time the console and tty devices are changed. I don't think this should be done as a kernel hack, and I think there should be a trivial way to disable this default behavior. >Audit-Trail: >Unformatted: