Re: linhdd concerns

[Steve Langasek <vorlon@debian.org>]

On Mon, Nov 26, 2007 at 09:51:35PM +0100, Leo costela Antunes wrote:
> Anthony Towns wrote:
> > Given the description of abs_fdisk on the linhdd site:

> > ] 0.4 release now includes a customized version of fdisk (called
> > ] abs_fdisk). Why? Well, daealing with SATA (scsi) in /proc was a bear --
> > ] and the ease with which fdisk gave me the needed drive info made me wish
> > ] I could use fdisk. Just that on Slackware and Absolute, which I use,
> > ] you can only run fdisk as root. Sooooo -- I downloaded util-linux and
> > ] changed the source code for fdisk so that it would not srite anythig
> > ] to drives, just return the drive info. Renamed it abs_fdisk (because I
> > ] wrote it sort of specifically for Absolute Linux, and Eureka!, Use fdisk
> > ] as non-root user safely.

> > makes it sound to me like you should be packaging abs_fdisk separately and
> > having linhdd Depend: on it; or, ideally, getting util-linux patched so
> > its fdisk can support the same features as abs_fdisk.

> What information does linhdd need from fdisk?
> Fdisk seems to run just fine as a normal user on Debian. The issues
> seems to be that /dev/{s,h}d* are directly readable only by members of
> the group 'disk'.
> Perhaps instead of packaging this 'abs_fdisk', which AFAICT is just a
> "read-only non-root" fdisk, you could just create a setuid wrapper to
> the normal fdisk and use it from linhdd?

No, that would be a security hole.  Even making it setgid disk would be a
security hole, since the disk group has write access to all disk devices.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek@ubuntu.com                                     vorlon@debian.org