Re: Blocking the access to the device files.

On Wed, Dec 29, 2010 at 6:32 PM, Prasad Joshi <prasadjoshi124@xxxxxxxxx> wrote:
> On Wed, Dec 29, 2010 at 4:12 PM, Mulyadi Santosa
> <mulyadi.santosa@xxxxxxxxx> wrote:
>> On Wed, Dec 29, 2010 at 20:06, Prasad Joshi <prasadjoshi124@xxxxxxxxx> wrote:
>>> Hello All,
>>>
>>> ZFS file system has a property called devices. If turned off, ZFS
>>> would not allow access to the device files (block/character) present
> >>> on the file system. I want to implement the same behavior on a
>>> Linux File System.
>>
>> I don't know about ZFS, so could you please elaborate on what you mean
>> by "ZFS could disallow access"?
>
> I am really sorry that I was not clear with the first mail. Thanks a
> lot for all mail replies and for sharing important information.
> By not disallowing access to device files I meant
>
> root@prasad-laptop:~# mount disk -o loop arm/
>
> root@prasad-laptop:~/arm# mount -t ext3
> /dev/loop0 on /home/prasad/arm type ext3 (rw)
>
> ############# CREATING A DEVICE FILE ON THE FILE SYSTEM
> root@prasad-laptop:~/arm# mknod zero c 1 5
>
> root@prasad-laptop:~/arm# ls
> lost+found  zero
>
> root@prasad-laptop:~/arm# ls -l
> total 12
> drwx------ 2 root root 12288 2010-12-23 11:28 lost+found
> crw-r--r-- 1 root root  1, 5 2010-12-23 11:28 zero
>
> root@prasad-laptop:~/arm# dd if=zero of=disk bs=10K count=10K
> dd: writing `disk': No space left on device
> 9313+0 records in
> 9312+0 records out
> 95354880 bytes (95 MB) copied, 1.00106 s, 95.3 MB/s
>
> root@prasad-laptop:~/arm# ls -l
> total 93499
> -rw-r--r-- 1 root root 95354880 2010-12-23 11:28 disk
> drwx------ 2 root root    12288 2010-12-23 11:28 lost+found
> crw-r--r-- 1 root root     1, 5 2010-12-23 11:28 zero
>
> Here the file system allowed access to the device file named zero. The
> requirement is to turn off the access to all of the device files
> present on the mounted file system. ie. considering the above case
> access (open/read/write) to/from device zero should not be allowed
> (even by root user). I don't know why would one create a device file
> on a file system other than /dev.
>
> I could modify the open code to check if the file being
> opened is a device file then return either EPERM or EACCES (not sure
> which one). But before modifying the code I thought of checking mount
> flags, could not find one, hence thought of asking on mailing list.
>
> Thanks a lot for wonderful replies and sharing valuable information.
> Hope the example above has made the requirement clear.
>
> Thanks and Regards,
> Prasad

Well that's totally different than I thought.

Why not stop the mknod from working instead of the open?

mknod is not part of the "hot path", where open could easily be for
some apps.

ie. If your FS does not support device files, then simply don't allow
them to be created.

Thanks
Greg

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@xxxxxxxxxxxxxxxxx
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
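
Added example, not part of the thread: Linux has a `nodev` mount option under which character and block special files on that mount are not interpreted as devices, so a mount table can be audited for file systems where a node like `zero` above would still work. The sample mount table and the function names are constructed for illustration; the input format is that of /proc/mounts.

```shell
#!/bin/sh
# Report mounts where device nodes are still honoured (no "nodev" option).
# Input format: device mountpoint fstype options dump pass (as in /proc/mounts).

# Constructed sample mount table (not taken from the machine in the thread).
SAMPLE_MOUNTS='devtmpfs /dev devtmpfs rw,nosuid,relatime 0 0
/dev/sda1 / ext4 rw,relatime 0 0
/dev/loop0 /home/prasad/arm ext3 rw,relatime 0 0
/dev/sdb1 /media/usb vfat rw,nosuid,nodev,noexec 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0'

# has_opt OPTS NAME: succeed if NAME is one of the comma-separated OPTS.
# Wrapping both sides in commas avoids matching substrings such as "nodevice".
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# mounts_without_nodev: read a mount table on stdin and print the mount
# points that lack "nodev". /dev and devtmpfs are skipped because device
# nodes are expected to work there.
mounts_without_nodev() {
    while read -r dev mnt fstype opts rest; do
        [ -n "$mnt" ] || continue
        [ "$fstype" = "devtmpfs" ] && continue
        case "$mnt" in /dev|/dev/*) continue ;; esac
        has_opt "$opts" nodev || printf '%s\n' "$mnt"
    done
}

# device_nodes_under DIR: list block/character special files below DIR
# without crossing into other mounted file systems.
device_nodes_under() {
    find "$1" -xdev \( -type b -o -type c \) -print 2>/dev/null
}

# On a live system: mounts_without_nodev < /proc/mounts
```

For a mount point the audit reports, `device_nodes_under` shows whether any device nodes are actually present on it.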