On Wed, Oct 27, 2010 at 8:23 AM, Rajat Sharma <fs.rajat@xxxxxxxxx> wrote:
Be it for any reason, it is a security loop whole. Even more dangerous is you have access to device file and its not very hard to erase blocks from disk through device file eg.
dd if=/dev/zero of=/dev/sda1 bs=32k count=32k
This would only be a security hole if a regular user was able to escalate privilege and run the command. Once your root there are a million ways to shoot yourself in the foot.
I can do just as much file loss with rm -rf /
Also, dd if=/dev/sda1 of=backup-sda1.image is very useful to quickly backup whole partitions.
crw-r----- 1 root kmem 1, 1 2010-10-27 11:57 mem
Here are the permissions for /dev/mem on my box I do not see the security hole. Regular users can not even read from /dev/mem
--
John
