From owner-freebsd-bugs  Tue May 16 01:31:30 1995
Return-Path: bugs-owner
Received: (from majordom@localhost)
          by freefall.cdrom.com (8.6.10/8.6.6) id BAA02793
          for bugs-outgoing; Tue, 16 May 1995 01:31:30 -0700
Received: from gndrsh.aac.dev.com (gndrsh.aac.dev.com [198.145.92.241])
          by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id BAA02787
          for <freebsd-bugs@FreeBSD.org>; Tue, 16 May 1995 01:31:23 -0700
Received: (from rgrimes@localhost) by gndrsh.aac.dev.com (8.6.11/8.6.9) id BAA08331; Tue, 16 May 1995 01:29:52 -0700
From: "Rodney W. Grimes" <rgrimes@gndrsh.aac.dev.com>
Message-Id: <199505160829.BAA08331@gndrsh.aac.dev.com>
Subject: Re: misc/423: security of sound devices
To: bde@zeta.org.au (Bruce Evans)
Date: Tue, 16 May 1995 01:29:51 -0700 (PDT)
Cc: pst@Shockwave.COM, wpaul@skynet.ctr.columbia.edu, freebsd-bugs@FreeBSD.org
In-Reply-To: <199505160633.QAA24269@godzilla.zeta.org.au> from "Bruce Evans" at May 16, 95 04:33:04 pm
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 1439      
Sender: bugs-owner@FreeBSD.org
Precedence: bulk

> 
> >[console user should own the audio devices]
> 
> >The only bug here is (I think) a lack of documentation. /usr/bin/login
> >already has support for /etc/fbtab and /etc/logindevperm (whichever
> >name you please) that let you define permissions and ownerships for
> >frame buffer and sound devices that take effect when a user logs in
> >on the console. /etc/fbtab is the file used in SunOS 4.1.x. Solaris 2.x
> >uses /etc/logindevperm.
> 
> We have /usr/src/etc/fbtab but it doesn't have enough devices, all
> devices are commented out, and it doesn't get installed.

I asked Guido over a week ago to do something about the copyright
on login_fbtab.c.  It is about to be cvs removed as there is not
a proper copyright on it :-(.

> >If you look at /usr/src/usr.bin/login/login_fbtab.c you'll see the
> >comments that describe what's supposed to happen. Those comments
> >should probably be made into a man page, and a default /etc/fbtab
> 
> We have fbtab.5 and it even gets installed :-).
> 
> >file should probably be added to the distribution so people will
> >have some idea that this feature exists.
> 
> The distribution should be as secure as possible by default.  What
> goes wrong if /etc/fbtab is too restrictive?  What is the equivalent
> of `mesg y'?
> 
> Bruce
> 


-- 
Rod Grimes                                      rgrimes@gndrsh.aac.dev.com
Accurate Automation Company                   Custom computers for FreeBSD