Re: my thoughts on the devmapper question
On 1/3/06, Ian Jackson <ian@davenant.greenend.org.uk> wrote:
> (AFAICT, for example, if the permissions have been configured locally
> somehow to be something like 0600 the configure option would result in
> a brief moment of 0660, which might be a security problem.)
Wouldn't that only be the case if
(a) devmapper is invoked with the default options?
(b) some untrusted account has permission to use the disk group?
Of course, I guess a part of the issue here is that devmapper is
invoked automatically with the default options. But nothing requires
that any user have access to the disk group.
I'm not sure what happens if the "disk" group doesn't exist. Perhaps
for that case, devmapper should fall back to 600 permissions and group
0?
--
Raul
Reply to: