[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: linhdd concerns

On Mon, Nov 26, 2007 at 11:38:06PM -0800, Steve Langasek wrote:
> On Mon, Nov 26, 2007 at 09:51:35PM +0100, Leo costela Antunes wrote:
> > What information does linhdd need from fdisk?
> > Fdisk seems to run just fine as a normal user on Debian. The issues
> > seems to be that /dev/{s,h}d* are directly readable only by members of
> > the group 'disk'.
> > Perhaps instead of packaging this 'abs_fdisk', which AFAICT is just a
> > "read-only non-root" fdisk, you could just create a setuid wrapper to
> > the normal fdisk and use it from linhdd?
> No, that would be a security hole.  Even making it setgid disk would be a
> security hole, since the disk group has write access to all disk devices.

The idea of the wrapper would of course be that it would only allow read
access, so the write access is not a problem.

If I understand the case correctly, abs_fdisk is a modified read-only
setuid root version of fdisk, which is used by linhdd to get some info
which is also available to everyone under /proc.  Providing this info is
obviously not a security problem (as long as abs_fdisk is not buggy).
However, "a read-only version of fdisk" can likely get much more info
than just what is available in /proc.  The fact that linhdd doesn't use
that doesn't make it unavailable.  It seems to me that this approach
introduces security issues (allowing read access that shouldn't be
allowed, plus an extra setuid root (or setgid disk) binary which must
not be buggy) that should better be avoided.

Would it be very hard to write a script which does the same as abs_fdisk
(and can be used as a drop-in replacement), but gets its info from
/proc, and doesn't need elevated permissions?


I encourage people to send encrypted e-mail (see http://www.gnupg.org).
If you have problems reading my e-mail, use a better reader.
Please send the central message of e-mails as plain text
   in the message body, not as HTML and definitely not as MS Word.
Please do not use the MS Word format for attachments either.
For more information, see http://pcbcn10.phys.rug.nl/e-mail.html

Attachment: signature.asc
Description: Digital signature

Reply to: