[systemd-devel] PrivateDevices with more than basic set of devices?

Topi Miettinen toiwoton at gmail.com
Mon Jan 26 09:07:47 PST 2015


On 01/26/15 12:41, Simon McVittie wrote:
> On 24/01/15 10:09, Topi Miettinen wrote:
>> For example, smartd only needs access to /dev/sd*.
> 
> Let me spell that differently: smartd "only" needs the ability to make
> arbitrary filesystem changes, defeating any possible configurable
> security mechanism.

Not exactly: it only needs read access. Depending on the system, that
could be very different from being able to make arbitrary filesystem
changes.

> 
> If you give it access to /dev/sd* but not to other devices, what
> security or safety have you actually gained, compared with giving it all
> of /dev?

Maybe nothing. But why should smartd be able to access any other devices?

> 
> Admittedly, there are better examples, like saned only needing access to
> USB scanners (plus SCSI scanners, serial ports and parallel ports if you
> care about older hardware). I suspect device permissions are a rather
> better answer for finer-grained access control than "all or nothing",
> though.

If a device does not exist at all, it's harder to access it than if only
device permissions and/or SELinux protect it. Not impossible, but harder.

-Topi
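As an added illustration (not from the thread or the systemd project) of the read-only /dev/sd* access discussed above: a drop-in that keeps PrivateDevices= off, since a private /dev would hide the disks entirely, and instead uses the cgroup device controller to allow only read access to "sd" block devices. The drop-in path and unit name are assumed.

```ini
# Assumed drop-in path: /etc/systemd/system/smartd.service.d/devices.conf
[Service]
# PrivateDevices=yes would give the service a private /dev containing only
# pseudo devices (/dev/null, /dev/zero, /dev/random, ...); /dev/sd* would not
# exist there at all, so smartd could not open the disks. Leave it off and
# filter with the device controller instead.
PrivateDevices=no

# Deny open() on every device node not listed below. "closed" still permits
# the standard pseudo devices; "strict" would require listing even those.
DevicePolicy=closed

# Read-only access to every disk registered under the "sd" name in
# /proc/devices. No "w" (write) or "m" (mknod) permission is granted.
# Unlike PrivateDevices=, the other nodes stay visible in /dev; the kernel
# simply refuses to open them.
DeviceAllow=block-sd r
```

After `systemctl daemon-reload`, `systemctl show smartd.service -p DevicePolicy -p DeviceAllow` confirms the settings are in effect.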
