On Wed, 10 Jun 2020 08:24:17 -0600, jim.cromie@xxxxxxxxx said: > Id like to ask about a possible new use for file and directory sticky bits, > or setuid bits, to address the root-only use of /proc (etc) files The sticky bit and setuid/gid bits already have meanings for directories, and changing the semantics will break existing code. > this needs root > > echo module kvm +p > /proc/dynamic_debug/control > > how about this ? > > cat root-owned-readonly-file > /proc/dynamic_debug/control Nope, doesn't work that way, because the file in /proc has no way to tell that it's cat doing it from a root-owned file, versus cat doing it from a hacker-owned file. As far as the /proc file is concerned, the "echo" and "cat" commands are identical. If you have an actual need for non-root users to do this, there's always the fact that 'sudo' can be restricted to specific commands for the user, and/or the use of set-UID helper programs that validate the request and then issue it on the user's behalf.
Attachment:
pgpwXjCM4P1qq.pgp
Description: PGP signature
_______________________________________________ Kernelnewbies mailing list Kernelnewbies@xxxxxxxxxxxxxxxxx https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
