Alan Cox wrote:
The reason setuid is needed is to allow use of vendor commands, and the
command filter in the kernel doesn't allow some as non-root. Certain
people in the kernel community refuse to add these command, the author
Actually thats untrue. We've added commands where it is safe to do so and
we've also repeatedly said to people who wanted to customise the command
list "send patches". Nobody has.
What patches? Below you reject the idea of specifying processes I trust
to write individual devices, any patch to add commands to the allowed
commands table in a running system could hardly be safer, and the table
applies to all processes and CD devices, while I propose matching g+rw
on the device with eGID of the process at open and setting some "trust"
flag. That allows me to trust only a single device to a single process.
The right answer would be to have the kernel provide a way such as group
id, so I could identify devices and programs I trust with each other.
That doesn't work. If you give a process access to a CD it can change the
firmware which means next reboot it controls the system. Thus the only
logical thing you can give it is pretty much "all powers"
Anyone who puts anything ahead of the disk in the boot sequence is
asking to leave a media in a drive at next boot. Stupidity, like virtue,
is its own reward.
--
Bill Davidsen <davidsen@xxxxxxx>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
