From owner-freebsd-bugs Mon May 15 23:37:20 1995 Return-Path: bugs-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id XAA00758 for bugs-outgoing; Mon, 15 May 1995 23:37:20 -0700 Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.2.228.34]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id XAA00749 for ; Mon, 15 May 1995 23:37:11 -0700 Received: (from bde@localhost) by godzilla.zeta.org.au (8.6.9/8.6.9) id QAA24269; Tue, 16 May 1995 16:33:04 +1000 Date: Tue, 16 May 1995 16:33:04 +1000 From: Bruce Evans Message-Id: <199505160633.QAA24269@godzilla.zeta.org.au> To: pst@Shockwave.COM, wpaul@skynet.ctr.columbia.edu Subject: Re: misc/423: security of sound devices Cc: freebsd-bugs@FreeBSD.org Sender: bugs-owner@FreeBSD.org Precedence: bulk >[console user should own the audio devices] >The only bug here is (I think) a lack of documentation. /usr/bin/login >already has support for /etc/fbtab and /etc/logindevperm (whichever >name you please) that let you define permissions and ownerships for >frame buffer and sound devices that take effect when a user logs in >on the console. /etc/fbtab is the file used in SunOS 4.1.x. Solaris 2.x >uses /etc/logindevperm. We have /usr/src/etc/fbtab but it doesn't have enough devices, all devices are commented out, and it doesn't get installed. >If you look at /usr/src/usr.bin/login/login_fbtab.c you'll see the >comments that describe what's supposed to happen. Those comments >should probably be made into a man page, and a default /etc/fbtab We have fbtab.5 and it even gets installed :-). >file should probably be added to the distribution so people will >have some idea that this feature exists. The distribution should be as secure as possible by default. What goes wrong if /etc/fbtab is too restrictive? What is the equivalent of `mesg y'? Bruce