[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: linhdd concerns

Steve Langasek wrote:
> No, that would be a security hole.  Even making it setgid disk would be a
> security hole, since the disk group has write access to all disk devices.

I didn't mean a simple wrapper around the binary, I meant a wrapper
around the binary with a specific set of arguments, locking the used to
a single read-only operation (which seems to be what the front end needs).

Now that you mention it, my original thought would still pose a security
threat in case the fdisk could somehow be exploited through the wrapper,
but then again this is precisely the same level of security any other
setuid binary in the system has.


Leo "costela" Antunes
[insert a witty retort here]

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: