On Wed, Oct 27, 2004 at 05:03:43PM +0200, Julien BLACHE wrote: > For those of you interested, I've uploaded resmgr 1.0-1 to > experimental (must go through NEW, etc.). > > I'll upload a version of sane-backends built with resmgr support to > experimental when sane-backends 1.0.15 will be released (end of next > week, IIRC). > > I plan to have SANE built with resmgr support for Etch, and I hope > other applications will support resmgr too. It can make life a lot > easier, and changes to the code are really minimal.
It is, however, a security hole; it's functionally equivalent to pam_console (which we declined to ship in the past) and has the same problems. As such it's not really an improvement in security over making devices group- or world-accessible. resmgr must not be enabled by default and should carry a big warning; you can only use it in scenarios where you would be willing to use pam_console. (Why somebody bothered to implement resmgr instead of simply enhancing pam_console is beyond me; probably NIH) -- .''`. ** Debian GNU/Linux ** | Andrew Suffield : :' : http://www.debian.org/ | `. `' | `- -><- |
signature.asc
Description: Digital signature
