[Bug 552095] The owner group of /var/lock is root instead of the owner group of /dev/ttyS* -> minicom cannot be run as normal user

http://bugzilla.novell.com/show_bug.cgi?id=552095 http://bugzilla.novell.com/show_bug.cgi?id=552095#c8 Kay Sievers changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|kasievers@novell.com |bnc-team-screening@forge.pr | |ovo.novell.com --- Comment #8 from Kay Sievers 2009-11-26 10:06:25 UTC --- (In reply to comment #7)

Reopening. The argument that something is not going to change because a coordination across distributions would be unlikely to happen does not fix our problem.

Our problem is that /var/lock is not writable by any user, it's owned by root:root.

There are two problems: /var/lock and /dev/ttyS* ownerships, and they are linked. group dialout on a serial device is too risky, as it invites malware dialler.

I can not see any specific risk associated with it. Other stuff like ISDN uses "dialout" for the devices for ages.

This bug is about changing settings silently that have proven to provide a reasonable setup. Why can't this be addressed?

This bug is about /var/lock not writable by any user. Address it by introducing a group "lock" for /var/lock (Fedora), or make /var/lock world writable like /var/tmp (Debian/Ubuntu), that's the fix which is needed. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.