[argyllcms] Re: More on instrument access
- From: "Frédéric Crozat" <fred@xxxxxxxxxx>
- To: argyllcms@xxxxxxxxxxxxx
- Date: Mon, 7 Jan 2008 10:40:20 +0100
On Jan 7, 2008 8:41 AM, Graeme Gill <graeme@xxxxxxxxxxxxx> wrote:
> Frédéric Mantegazza wrote:
>
> > I agree, but I also think it is better to lock an unknown device from user
> > rather than let him do bad things. This is why Linux is much more secure.
> > But each davantage has its dark side ;o)
>
> But this is where it is dumb. If it's an unknown device,
> then it can't "do bad things", since nothing with root
> access knows or wants to access it (except in a generic way).
>
> Any user mode access to the device via a generic driver
> likewise can't do "bad things", because it's user mode access.
Unless you use a sane distribution, which allow it for non remote users ;)
> Apart from the purely reflex "lets lock it dow, just in case"
> I have yet to hear a rational for such a thing.
The main issue is that there isn't yet common rules and infrastructure
across distribution on default settings for
device access, moreover for uncommon hardware (ie libusb stuff). RH
and Mandriva have the concept of "console" privilege
(ie user is connected physically on the system) and often give this
user access to hardware devices (at least, we do by
default on Mandriva). Debian (and derivate) doesn't have this concept.
We are hoping this will be improving with
hal + consolekit + policykit but I guess it will take one or two years
to see them available across distros.
> OS X doesn't do such a thing, and yet there are no stories
> about some security breach due to this, or any plausible
> theory as to how such a breach could occur.
Never heard of wifi bugs in OS X recently ? ;)
--
Frederic Crozat
Other related posts:
