http://bugzilla.novell.com/show_bug.cgi?id=552095#c2
Ludwig Nussel changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEEDINFO |NEW
CC| |ro@novell.com,
| |security-team@suse.de
Info Provider|security-team@suse.de |
AssignedTo|ro@novell.com |kasievers@novell.com
--- Comment #2 from Ludwig Nussel 2009-11-18 07:51:15 UTC ---
Why was ttyS0 changed from uucp to dialout? The dialout group actually was
never used to access to serial ports on SUSE. It merely allowed to connect to
smpppd to trigger pre-defined connections.
Access to /var/lock likely has security implications as I seriously doubt that
applications writing there are constructed to avoid symlink or tmp race style
attacks.
I'd rather change have the group of ttyS0 changed to root in order to avoid
implicit suggestion to put users in any group.
Wrt /var/lock there is no default solution. Resmgr solved it by having a
service take care of the lock files but resmgr is no more.
--
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.