Re: [patch 1/2] [RFC] Simple tamper-proof device filesystem.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 17 Dec 2007 16:30:54 +1030
David Newall <david@xxxxxxxxxxxxxxx> wrote:

> Tetsuo Handa wrote:
> > If Bob is malicious and creates /dev/sda1 with block-8-2 attribute [...]
> 
> Bob can't do that.  Only root can.

Not even root can, if you remove him the capability. Only udev can.
(which possibly doesn't have to run as root, given correct capability
set?)

Of course root may be able to change the configuration of udev to
create device nodes of his liking if you allow that...

Attachment: signature.asc
Description: PGP signature


[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [Samba]     [Device Mapper]     [CEPH Development]
  Powered by Linux