Re: mount option: nodev




On Tue, 2009-09-15 at 15:21 -0400, Yungwei Chen wrote:
> Hi,
> 
> I am trying to secure my CentOS file systems by
> introducing "nodev" to devices defined in /etc/fstab. I learned that
> "nodev" prevents users from mounting unauthorized devices. However, I
> can still mount a cdrom to /tmp/cdrom with the following defined
> in /etc/fstab. Am I missing something? Thanks.
> 
> LABEL=/tmp              /tmp                    ext3    defaults,nodev  1 2
> 

Yes, I think that you have misinterpreted the "nodev" option.

That means that "device" files ( normally created under /dev ) in a
filesystem mounted with the "nodev" option are not allowed to access the
hardware that they represent.  This is used primarily as a protection
against malware that tries to get direct access to hardware such as
memory or network cards by creating additional device files somewhere
else.

Since CentOS ( and most other recent distros ) use "udev" to create the
necessary block and character files in the /dev tree ( which is NOT an
ext3 filesystem ) there should be no need for the "average" user to
create device files anywhere else in the directory tree.  After I
understood this, I then modified all of the systems that I take care of
to specify "nodev" as an option for ALL ext3 filesystems.

In your case, if you are mounting a CD, you are using the normal block
device(s) in /dev ( such as /dev/cdrom or /dev/hdc ) and just specifying
the directory to use as the mount point ( /tmp/cdrom ), which is
perfectly legal with this option.

-- 
Ron Loftin                      reloftin@xxxxxxxxxxxx

"God, root, what is difference ?"       Piter from UserFriendly

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
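
An added example (not part of the original thread) of auditing an fstab for the policy described in the reply above, "nodev" on every ext3 filesystem. It resolves options left to right, because "defaults" does not include "nodev", a later "dev" overrides an earlier "nodev", and "user", "users", "owner" and "group" imply "nodev" per mount(8). The function names and every sample line except the /tmp entry are constructed for illustration.

```python
# Added example: list fstab entries whose filesystem still honours device files.
IMPLY_NODEV = {"user", "users", "owner", "group"}  # per mount(8)

# Constructed sample; only the /tmp line comes from the thread.
SAMPLE_FSTAB = """\
# constructed sample fstab
LABEL=/      /             ext3     defaults                 1 1
LABEL=/tmp   /tmp          ext3     defaults,nodev           1 2
LABEL=/home  /home         ext3     defaults,nodev,dev       1 2
LABEL=/var   /var          ext3     noatime,user,exec        1 2
/dev/hdc     /media/cdrom  iso9660  ro,noauto                0 0
tmpfs        /dev/shm      tmpfs    defaults                 0 0
"""


def dev_allowed(mntops):
    """Return True if device files on this mount would be honoured."""
    allowed = True  # the default; "defaults" does not add nodev
    for opt in mntops.split(","):
        if opt == "nodev" or opt in IMPLY_NODEV:
            allowed = False
        elif opt == "dev":
            allowed = True  # a later "dev" overrides an earlier nodev
    return allowed


def audit_fstab(text, fstypes=("ext3",)):
    """Return mount points of the given types that lack an effective nodev."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        fields = line.split()
        if len(fields) < 4:
            continue  # skip entries that have no options field
        _spec, mount_point, fstype, mntops = fields[:4]
        if fstype in fstypes and dev_allowed(mntops):
            findings.append(mount_point)
    return findings


if __name__ == "__main__":
    for mount_point in audit_fstab(SAMPLE_FSTAB):
        print("missing nodev:", mount_point)
```

Pass the contents of a real /etc/fstab as the first argument, and widen `fstypes` to cover other filesystem types.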
