Re: my thoughts on the devmapper question

To: debian-ctte@lists.debian.org
Subject: Re: my thoughts on the devmapper question
From: Raul Miller <moth.debian@gmail.com>
Date: Wed, 4 Jan 2006 13:12:00 -0500
Message-id: <[🔎] d0461dbe0601041012t44b2176byaf9a2779b5d119e2@mail.gmail.com>
Reply-to: moth@debian.org
In-reply-to: <[🔎] 17338.41943.236130.491074@davenant.relativity.greenend.org.uk>
References: <1135111421.19777.34.camel@rover.gag.com> <[🔎] 17338.41943.236130.491074@davenant.relativity.greenend.org.uk>

On 1/3/06, Ian Jackson <ian@davenant.greenend.org.uk> wrote:
> (AFAICT, for example, if the permissions have been configured locally
> somehow to be something like 0600 the configure option would result in
> a brief moment of 0660, which might be a security problem.)

Wouldn't that only be the case if

(a) devmapper is invoked with the default options?
(b) some untrusted account has permission to use the disk group?

Of course, I guess a part of the issue here is that devmapper is
invoked automatically with the default options.  But nothing requires
that any user have access to the disk group.

I'm not sure what happens if the "disk" group doesn't exist.  Perhaps
for that case, devmapper should fall back to 600 permissions and group
0?

--
Raul

Reply to:

References:
- Re: my thoughts on the devmapper question
  - From: Ian Jackson <ian@davenant.greenend.org.uk>

Prev by Date: Bug#342455: tech-ctte: Ownership and permissions of device mapper block devices
Next by Date: Re: Technical committee removal/induction changes
Previous by thread: Re: my thoughts on the devmapper question
Index(es):
- Date
- Thread