Re: ownership of devices
>>>>> Pieter == Pieter Meiring <p.d.meiring [at] sheffield.ac.uk> writes:

Pieter> This was the basis for my supposition in my post.

OK, given Martin's and your further explanations, it sounds like
something else is going on.

Pieter> If your cracker cracks the password/group security your
Pieter> system has been thoroughly compromised anyway!

That depends. Your method leaves you vulnerable to DOS attacks (at
least, maybe snooping, too) on the audio devices from remote users.
Plant Trojans on boot floppies. Etc. Mine allows you to make sure
that the user is logged on to the console, thus remote users can't do
anything.

Of course, if the remote users have access to gcc and ftp, you're
probably pretty compromised. But it really depends on what tools and
device access you allow them.

Pieter> Where two users on the system need to use the same device
Pieter> only sequentially access would be possible and one would
Pieter> have to change ownership on the fly which would be
Pieter> equivalent to locking and unlocking....

True. Locking is notoriously hard to implement, however.

Pieter> Almost all these devices are configured after basic
Pieter> installation...
Pieter> Audio with sndconfig
Pieter> Video with X configuration
Pieter> CDROM is detected and a hard or soft link applied

    steve@tanko:linux$ ls -ld /dev
    drwxr-xr-x 3 root root 15360 Aug 26 13:09 /dev

You evidently have to be root to operate there; man mknod(2) says:

    The newly created node will be owned by the effective uid
    of the process. If the directory containing the node has
    the set group id bit set, or if the filesystem is mounted
    with BSD group semantics, the new node will inherit the
    group ownership from its parent directory; otherwise it
    will be owned by the effective gid of the process.

That means that somebody has to intentionally chown the device file.
The other question is why aren't these configurators using
/dev/MAKEDEV?
--
University of Tsukuba Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
Institute of Policy and Planning Sciences Tel/fax: +81 (298) 53-5091
__________________________________________________________________________
What are those two straight lines for? Free software rules.
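
[Added example, not part of the original message or of any tool named in it.] The mknod(2) rule quoted in the message, turned into a check that lists device nodes whose owner or group differs from what a root-run mknod would have left, which are the nodes somebody changed afterwards. The function names, the Node tuple and the sample entries (uid 500, gid 19) are assumptions made for illustration.

```python
import os
import stat
from collections import namedtuple

# Stand-in for the os.lstat() fields used here, so the check also runs on sample data.
Node = namedtuple("Node", "path st_mode st_uid st_gid")

def expected_owner(parent_mode, parent_gid, euid=0, egid=0, bsd_groups=False):
    """(uid, gid) mknod(2) gives a new node, following the man page text quoted above."""
    inherit = bool(parent_mode & stat.S_ISGID) or bsd_groups
    return (euid, parent_gid if inherit else egid)

def audit(nodes, parent_mode, parent_gid, bsd_groups=False):
    """List device nodes whose owner or group is not what a root mknod would leave."""
    want = expected_owner(parent_mode, parent_gid, bsd_groups=bsd_groups)
    findings = []
    for n in nodes:
        if not (stat.S_ISCHR(n.st_mode) or stat.S_ISBLK(n.st_mode)):
            continue  # only character and block special files matter here
        if (n.st_uid, n.st_gid) != want:
            findings.append((n.path, n.st_uid, n.st_gid, oct(stat.S_IMODE(n.st_mode))))
    return findings

def scan(devdir="/dev"):
    """Run the audit over a real directory (top level only, symlinks not followed)."""
    parent = os.lstat(devdir)
    nodes = []
    for name in sorted(os.listdir(devdir)):
        path = os.path.join(devdir, name)
        try:
            st = os.lstat(path)
        except OSError:
            continue  # entry vanished between listdir and lstat
        nodes.append(Node(path, st.st_mode, st.st_uid, st.st_gid))
    return audit(nodes, parent.st_mode, parent.st_gid)

# Constructed sample: uid 500 and gid 19 are made-up values, not from the thread.
SAMPLE = [
    Node("/dev/null", stat.S_IFCHR | 0o666, 0, 0),
    Node("/dev/dsp", stat.S_IFCHR | 0o600, 500, 500),  # handed to a user
    Node("/dev/fd0", stat.S_IFBLK | 0o660, 0, 19),     # group changed
    Node("/dev/MAKEDEV", stat.S_IFREG | 0o755, 0, 0),  # not a device node
    Node("/dev/hda", stat.S_IFBLK | 0o640, 0, 0),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, stat.S_IFDIR | 0o755, 0):
        print(*finding)
```

On a system where a device manager assigns groups to nodes on purpose, scan() reports those as well; the output is a list to review, not a list of faults.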