Re: [patch 1/2] [RFC] Simple tamper-proof device filesystem.

From: AstralStorm
Date: Tue Dec 18 2007 - 10:33:26 EST

Next message: James Nichols: "Re: After many hours all outbound connections get stuck in SYN_SENT"
Previous message: Jean-Louis Dupond: "Re: sata_mv not working with a RocketRaid 2220"
In reply to: David Newall: "Re: [patch 1/2] [RFC] Simple tamper-proof device filesystem."
Next in thread: Indan Zupancic: "Re: [patch 1/2] [RFC] Simple tamper-proof device filesystem."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 17 Dec 2007 16:30:54 +1030
David Newall <david@xxxxxxxxxxxxxxx> wrote:

> Tetsuo Handa wrote:
> > If Bob is malicious and creates /dev/sda1 with block-8-2 attribute [...]
>
> Bob can't do that. Only root can.

Not even root can, if you remove him the capability. Only udev can.
(which possibly doesn't have to run as root, given correct capability
set?)

Of course root may be able to change the configuration of udev to
create device nodes of his liking if you allow that...

Attachment: signature.asc
Description: PGP signature

Next message: James Nichols: "Re: After many hours all outbound connections get stuck in SYN_SENT"
Previous message: Jean-Louis Dupond: "Re: sata_mv not working with a RocketRaid 2220"
In reply to: David Newall: "Re: [patch 1/2] [RFC] Simple tamper-proof device filesystem."
Next in thread: Indan Zupancic: "Re: [patch 1/2] [RFC] Simple tamper-proof device filesystem."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]