I doubt that having the installation of a package weaken a system's security is a good idea.
Perhaps serial ports are special because a serial port can be used for a PPP (or similar) network connection. So if all users have access to all serial ports by default then a compromised process can potentially spread via PPP (or similar). A serial port might also have particular interesting hardware attached to it (e.g. a PLC) that should not by default be exposed to compromised processes. Can you say Stuxnet? This does not seem goodness to me. An alternative to having the PuTTY installer change security would be for PuTTY itself to detect that the desired serial port device is not accessible and ask whether the user wants to do something about it i.e. only when the user actually configures PuTTY to use a serial port. That means that * if the PuTTY user never goes near the serial port (most users?) then no security change is ever made. * no change is made without explicit user consent. * if the user who is doing the install is not the user who is using PuTTY then the security change is made for the correct user (where relevant). This does assume though that the user who is using PuTTY has permission to use sudo (or similar). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1012630 Title: Can't access serial port without root To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/putty/+bug/1012630/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
