Re: [patch 1/2] [RFC] Simple tamper-proof device filesystem.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Wed, 19 Dec 2007 21:11:11 +0900
Tetsuo Handa <[email protected]> wrote:

> Hello.
> 
> Radoslaw Szkodzinski (AstralStorm) wrote:
> > Actually, who needs to create device nodes? Just prohibit everyone from
> > creating them, except "installer" and "udev" personality.
> > This means removing CAP_MKNOD on a global scale.
> 
> What happens if the root tampers udev's configuration file?
> The udev will create inappropriate (i.e. filename with unexpected attributes)
> device nodes, won't it?

Yes. But root doesn't need access to these files, at least not usually.
Create a separate user for editing config files - much lower
probability of breakage. Remove almost all capabilities from root and
profit.

> After all, revoking CAP_MKNOD is not enough for guaranteeing
> filename and its attributes.
> 
> This filesystem is designed to guarantee filename and its attributes,
> but this filesystem has additional access control capability.
> You can forbid mknod/unlink /dev/null if you want nobody to do so.
> You can forbid chmod/chown /dev/null if you want nobody to do so.

You can forbid all operations on /dev (except udev) with an ACL.
So, what is the need for this filesystem?

Attachment: signature.asc
Description: PGP signature

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux