On Wed, 19 Dec 2007 21:11:11 +0900 Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx> wrote: > Hello. > > Radoslaw Szkodzinski (AstralStorm) wrote: > > Actually, who needs to create device nodes? Just prohibit everyone from > > creating them, except "installer" and "udev" personality. > > This means removing CAP_MKNOD on a global scale. > > What happens if the root tampers udev's configuration file? > The udev will create inappropriate (i.e. filename with unexpected attributes) > device nodes, won't it? Yes. But root doesn't need access to these files, at least not usually. Create a separate user for editing config files - much lower probability of breakage. Remove almost all capabilities from root and profit. > After all, revoking CAP_MKNOD is not enough for guaranteeing > filename and its attributes. > > This filesystem is designed to guarantee filename and its attributes, > but this filesystem has additional access control capability. > You can forbid mknod/unlink /dev/null if you want nobody to do so. > You can forbid chmod/chown /dev/null if you want nobody to do so. You can forbid all operations on /dev (except udev) with an ACL. So, what is the need for this filesystem?
Attachment:
signature.asc
Description: PGP signature