Date: Wed, 06 Dec 2006 13:44:34 -0500
From: Tom McLaughlin <tmclaugh@sdf.lonestar.org>
To: Joe Marcus Clarke <marcus@FreeBSD.org>
Cc: FreeBSD Gnome <gnome@FreeBSD.org>
Subject: Re: For HAL users: [Fwd: FreeBSD Security Advisory FreeBSD-SA-06:25.kmem]
Message-ID: <1165430674.1464.8.camel@localhost>
In-Reply-To: <457707C4.1020003@FreeBSD.org>
References: <1165426804.2231.4.camel@localhost> <1165427110.26350.33.camel@ikaros.oook.cz> <457707C4.1020003@FreeBSD.org>

On Wed, 2006-12-06 at 13:11 -0500, Joe Marcus Clarke wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Pav Lucistnik wrote:
> > Tom McLaughlin wrote on Wed, 06. 12. 2006 at 12:40 -0500:
> >
> >> This affects anyone with HAL setup properly according to our port's
> >> defaults and uses firewire.
> >>
> >> I like changing the default group to wheel since most Gnome users on
> >> Free will probably already be a part of wheel. I'll stop beating the
> >> dead horse now. ;)
> >
> > Wasn't this talked to death with the result, that wheel group must be
> > reserved for users capable of running 'su' *only* ?
> >
> >
>
> wheel _and_ operator are not going to work, but one or the other should
> be fine. However, hal is not the only GNOME component to use operator.
> While we do suggest that users that need to mount remote volumes be
> in the operator group, HAL itself is not vulnerable to this problem, and
> I don't think we need to change our operating procedure for something
> that will not be an issue moving forward.

I just want to point out the idea of changing the default group was a
friendly jab after I lost the argument the first time. Hence the ';)'
at the end. Humor doesn't always carry over the tubes well. :-/

I know hal isn't vulnerable. Only forwarded the message because of this
portion of the advisory.

---
Note also that FreeBSD does not have any non-root users in the
"operator" group by default; systems on which no users have been added
to this group are therefore also not vulnerable.
---

It wasn't until a few minutes later that I realized that Gnome users
would probably have non-root users in the group. I figured it was worth
a heads up.

>
> For administrators of shared systems, they can decide how best to
> proceed. They can either choose to patch the system, temporarily change
> the HAL group, or disable HAL altogether. For users of personal
> workstations, they will most likely not care.
>
> I do think that airing this on the mailing list is a good thing, though,
> as it will make users aware of the issue. Perhaps this also warrants an
> addition to the known issues list.
>
> Joe
>
> - --
> Joe Marcus Clarke
> FreeBSD GNOME Team :: gnome@FreeBSD.org
> FreeNode / #freebsd-gnome
> http://www.FreeBSD.org/gnome
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.5 (Darwin)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFFdwfDb2iPiv4Uz4cRAks5AKCQxlCgaxWO7JetoQ4M3cSZ11lCrwCfa1EY
> dpe7vR7AEWOQctJwU0y+Ans=
> =Wd3l
> -----END PGP SIGNATURE-----

-- 
| tmclaugh at sdf.lonestar.org             tmclaugh at FreeBSD.org |
| FreeBSD                                   http://www.FreeBSD.org |
| BSD#                http://www.mono-project.com/Mono:FreeBSD |
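
The advisory excerpt quoted in the message above turns on whether any non-root user is in the "operator" group. The following is an added example, not part of the original thread or of any FreeBSD tool: a POSIX shell function (the name `operator_members` is hypothetical) that lists such accounts from group(5) and passwd(5) files in the standard colon-separated layout. It also reports accounts whose primary GID is that group, with their shell, so non-login service accounts can be told apart.

```shell
# Added example: list non-root accounts that are in a group (default "operator").
# Usage: operator_members [group_file] [passwd_file] [group_name]
# Output: one line per account: name <TAB> supplementary|primary <TAB> shell
operator_members() {
    group_file=${1:-/etc/group}
    passwd_file=${2:-/etc/passwd}
    group_name=${3:-operator}
    awk -F: -v g="$group_name" '
        # First file: the group database. Remember the GID and member list.
        FNR == NR {
            if ($1 == g) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") listed[m[i]] = 1
            }
            next
        }
        # Second file: passwd database (name:pw:uid:gid:gecos:home:shell).
        /^#/ || NF < 7 { next }
        $3 == 0 { next }                 # uid 0 accounts are root-equivalent
        ($1 in listed)         { print $1 "\tsupplementary\t" $7; next }
        gid != "" && $4 == gid { print $1 "\tprimary\t" $7 }
    ' "$group_file" "$passwd_file"
}

# Constructed sample data (not taken from a real system).
tmp=$(mktemp -d)
printf '%s\n' 'wheel:*:0:root' 'operator:*:5:root,alice' > "$tmp/group"
printf '%s\n' 'root:*:0:0:Charlie &:/root:/bin/csh' \
    'operator:*:2:5:System &:/:/usr/sbin/nologin' \
    'alice:*:1001:1001:Alice:/home/alice:/bin/sh' > "$tmp/passwd"
operator_members "$tmp/group" "$tmp/passwd"
rm -rf "$tmp"
```

Accounts that exist only in a directory service (not in the passwd file given) are not reported; an empty result means no non-root account in the files checked is in the group.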