Hi,

On Mon, December 17, 2007 01:40, Tetsuo Handa wrote:
> Hello.
>
> Indan Zupancic wrote:
>> What prevents them from mounting tmpfs on top of /dev, bypassing your fs?
> Mandatory access control (MAC) prevents them from mounting tmpfs on top of
> /dev .
> MAC mediates namespace manipulation requests such as mount()/umount().
>
>> Also, if they have root there are plenty of ways to prevent an administrator
>> from logging in, e.g. using iptables or changing the password.
> MAC mediates execution of /sbin/iptables or /usr/bin/passwd .
>
> So, use of this filesystem alone is meaningless because
> attackers with root privileges can do what you are saying.
> But use of this filesystem with MAC is still valid because
> MAC can prevent attackers with root privileges from doing what you are saying.

If MAC can avoid all that, then why can't it also avoid tampering with /dev?

What security does your filesystem add at all, if it's useless without a MAC
doing all the hard work?

I think you can better spend your time on read-only bind mounts.

Greetings,

Indan