On Mon, 17 Dec 2007 16:30:54 +1030 David Newall <[email protected]> wrote: > Tetsuo Handa wrote: > > If Bob is malicious and creates /dev/sda1 with block-8-2 attribute [...] > > Bob can't do that. Only root can. Not even root can, if you remove him the capability. Only udev can. (which possibly doesn't have to run as root, given correct capability set?) Of course root may be able to change the configuration of udev to create device nodes of his liking if you allow that...
Attachment:
signature.asc
Description: PGP signature
- References:
- Re: [patch 1/2] [RFC] Simple tamper-proof device filesystem.
- From: Tetsuo Handa <[email protected]>
- Re: [patch 1/2] [RFC] Simple tamper-proof device filesystem.
- From: David Newall <[email protected]>
- Re: [patch 1/2] [RFC] Simple tamper-proof device filesystem.
- From: Tetsuo Handa <[email protected]>
- Re: [patch 1/2] [RFC] Simple tamper-proof device filesystem.
- From: David Newall <[email protected]>
- Re: [patch 1/2] [RFC] Simple tamper-proof device filesystem.
- From: Tetsuo Handa <[email protected]>
- Re: [patch 1/2] [RFC] Simple tamper-proof device filesystem.
- From: Tetsuo Handa <[email protected]>
- Re: [patch 1/2] [RFC] Simple tamper-proof device filesystem.
- From: David Newall <[email protected]>
- Re: [patch 1/2] [RFC] Simple tamper-proof device filesystem.
- Prev by Date: Re: sata_mv not working with a RocketRaid 2220
- Next by Date: Re: After many hours all outbound connections get stuck in SYN_SENT
- Previous by thread: Re: [patch 1/2] [RFC] Simple tamper-proof device filesystem.
- Next by thread: Re: [patch 1/2] [RFC] Simple tamper-proof device filesystem.
- Index(es):
 |