Re: (Semi-random) thoughts on device tree structure and devfs
On Tue, Mar 09, 2010 at 02:58:43PM -0500, Steven Bellovin wrote:
> On Mar 9, 2010, at 2:55 PM, Thor Lancelot Simon wrote:
> > That's a matter for the kernel to decide -- not one for some userspace
> > program which could be tampered with by any process running with euid 0.
> > At least, that is how I would strongly prefer it to be.
> But what's to stop someone from mounting a new file system over /bin?
> Or are you talking about secure_level 2?
I'm talking about trying to build policies which provide some of the
guarantees we only provide at securelevel 2 now, but allow more flexibility
to do things the administrator's decided ahead of time the system should
be allowed to do.
Doing this right is not trivial (it may require a signature binding the
contents of a medium to its UUID, etc.) but it's certainly not impossible.
Causing all binding of names to devices to run forcibly through a userspace
daemon *will* make such enhancements impossible. That would suck.