tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: (Semi-random) thoughts on device tree structure and devfs

On Tue, Mar 09, 2010 at 02:58:43PM -0500, Steven Bellovin wrote:
> On Mar 9, 2010, at 2:55 PM, Thor Lancelot Simon wrote:
> > 
> > That's a matter for the kernel to decide -- not one for some userspace
> > program which could be tampered with by any process running with euid 0.
> > 
> > At least, that is how I would strongly prefer it to be.
> But what's to stop someone from mounting a new file system over /bin?
> Or are you talking about secure_level 2?

I'm talking about trying to build policies which provide some of the
guarantees we only provide at securelevel 2 now, but allow more flexibility
to do things the administrator's decided ahead of time the system should
be allowed to do.

Doing this right is not trivial (it may require a signature binding the
contents of a medium to its UUID, etc.) but it's certainly not impossible

Causing all binding of names to devices to run forcibly through a userspace
daemon *will* make such enhancements impossible.  That would suck.


Home | Main Index | Thread Index | Old Index