Should I have security considerations with the `video` group for Wayland?
Previously that group only impacted capture devices, so I didn't care if all processes from a user could access the camera or something.
Now it seems that is required for video out/privacy. I see the sddm user is added automatically in a desktop Arch install.
Does this imply I should not give access to that group to regular users if I care about desktop privacy?
https://wiki.debian.org/SystemGroups
https://wiki.archlinux.org/title/Users_and_groups
Basically, what I'm worried about is: Wayland fixes problems such as https://steflan-security.com/linux-priv … ups/#video but now I have to decide between opening up that exploit again or allowing user access to the webcam.
Last edited by gcb (2024-05-17 09:25:11)
Oh, I think this is a post to Newbie corner
Just realized some `/dev/video*` devices are accessible to users outside of the `video` group. But not all.
For example, a user outside of the `video` group in a default Wayland install can open a webcam in the browser, but cannot start a virtual video (e.g. v4l2loopback, obs-studio, etc.)
Does that mean there is something (dbus related maybe?) that allows access to some devices? What thing is that?
Offline
Logind/session management will give you access to device nodes for logged-in users. https://man.archlinux.org/man/systemd-l … rvice.8.en
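An added example, not part of the thread: a shell script that reports whether an account reaches a `/dev/video*` node through the owning group (`video`) or through a per-user ACL entry of the kind logind sets for logged-in users. The function names and the sample `getfacl` output are constructed for illustration; the live audit assumes `getfacl` is installed.

```shell
#!/bin/sh
# Added example (not from the thread): report how an account can open a V4L2 node.
# Simplification: the ACL mask entry is not evaluated.

# Constructed sample of `getfacl -p /dev/video0` output on a logind-managed seat.
SAMPLE_ACL=$(printf '%s\n' '# file: /dev/video0' '# owner: root' \
    '# group: video' 'user::rw-' 'user:alice:rw-' 'group::rw-' \
    'mask::rw-' 'other::---')

# Names with a per-user ACL entry granting read or write (getfacl text on stdin).
acl_users() {
    awk -F: '$1 == "user" && $2 != "" && $3 ~ /[rw]/ { print $2 }'
}

# access_path USER "GROUP LIST" ACL_TEXT -> prints acl | group | both | none
access_path() {
    ap_user=$1 ap_groups=$2 ap_acl=$3
    ap_via_acl=no ap_via_group=no
    if printf '%s\n' "$ap_acl" | acl_users | grep -Fqx -- "$ap_user"; then
        ap_via_acl=yes
    fi
    ap_owner_group=$(printf '%s\n' "$ap_acl" | sed -n 's/^# group: //p')
    # Group membership only matters if the owning-group entry grants r or w.
    if printf '%s\n' "$ap_acl" | grep -Eq '^group::.*[rw]'; then
        case " $ap_groups " in
            *" $ap_owner_group "*) ap_via_group=yes ;;
        esac
    fi
    case "$ap_via_acl$ap_via_group" in
        yesyes) echo both ;;
        yesno)  echo acl ;;
        noyes)  echo group ;;
        *)      echo none ;;
    esac
}

# Live audit: ./script USER... prints "<device> <user> <access path>" per node.
audit_video_nodes() {
    for av_dev in /dev/video*; do
        [ -e "$av_dev" ] || continue
        av_acl=$(getfacl -p "$av_dev" 2>/dev/null) || continue
        for av_user in "$@"; do
            printf '%s %s %s\n' "$av_dev" "$av_user" \
                "$(access_path "$av_user" "$(id -Gn "$av_user")" "$av_acl")"
        done
    done
}

if [ "$#" -gt 0 ]; then audit_video_nodes "$@"; fi
```

An account reported as `acl` has access only while logind keeps that entry on the node, whereas `group` access follows every process running with `video` group membership.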