For HAL users: [Fwd: FreeBSD Security
Advisory FreeBSD-SA-06:25.kmem]
Joe Marcus Clarke
marcus at FreeBSD.org
Wed Dec 6 10:11:50 PST 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Pav Lucistnik wrote:
> Tom McLaughlin píše v st 06. 12. 2006 v 12:40 -0500:
>
>> This affects anyone with HAL setup properly according to our port's
>> defaults and uses firewire.
>>
>> I like changing the default group to wheel since most Gnome users on
>> Free will probably already be a part of wheel. I'll stop beating the
>> dead horse now. ;)
>
> Wasn't this talked to death with the result, that wheel group must be
> reserved for users capable of running 'su' *only* ?
>
>
wheel _and_ operator are not going to work, but one or the other should
be fine. However, hal is not the only GNOME component to use operator.
While we do suggest that users that need to mount remote volumes be
in the operator group, HAL itself is not vulnerable to this problem, and
I don't think we need to change our operating procedure for something
that will not be an issue moving forward.
For administrators of shared systems, they can decide how best to
proceed. They can either choose to patch the system, temporarily change
the HAL group, or disable HAL altogether. For users of personal
workstations, they will most likely not care.
I do think that airing this on the mailing list is a good thing, though,
as it will make users aware of the issue. Perhaps this also warrants an
addition to the known issues list.
Joe
- --
Joe Marcus Clarke
FreeBSD GNOME Team :: gnome at FreeBSD.org
FreeNode / #freebsd-gnome
http://www.FreeBSD.org/gnome
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFdwfDb2iPiv4Uz4cRAks5AKCQxlCgaxWO7JetoQ4M3cSZ11lCrwCfa1EY
dpe7vR7AEWOQctJwU0y+Ans=
=Wd3l
-----END PGP SIGNATURE-----
More information about the freebsd-gnome
mailing list