Hi Robert, I am replying to the dazuko-devel mailing list as well because I think this is information that would interest many people.
robert wrote:

> Very early on in development I decided that it was a good/safe idea to chown
> the dazuko device to the user performing the install instead of root. This
> solved a lot of usability issues and since the device is still chmod 600 I
> figured there was no problem.
>
> I'm now beginning to wonder - what in your view are the potential pitfalls of
> this approach? Am I courting disaster for KlamAV users or is this acceptable?

This could potentially be dangerous for AV-protection. If malicious code was executed by the user, the code could register itself with Dazuko and work "unnoticed" by the AV-software. (However, if the malicious code was able to execute in the first place, then it was not detected by the AV-software anyway.)

Dazuko relies on proper system permissions to control access to Dazuko. For a more controlled setup it would be better if the Dazuko device was owned by a special group. The scanner itself could be setgid for this group to be able to access Dazuko. This would have the same effect as you have now with the added benefit that only the scanner has privileges to communicate with Dazuko.

    # groupadd dazuko                  (create the dedicated group)
    # chown root:dazuko /dev/dazuko    (device owned by root, group dazuko)
    # chmod 660 /dev/dazuko            (owner and group may open it, nobody else)
    # chgrp dazuko avscanner.bin       (scanner binary belongs to the group)
    # chmod g+s avscanner.bin          (scanner runs with the dazuko group)

In summary, I wouldn't go so far to say that you are courting disaster for KlamAV users. But by using a special group with setgid binaries, you would be creating an environment that is less prone to problems. A special group also allows other non-privileged Dazuko applications to run on the system without requiring that application to run as a specific user.

John Ogness
--
Dazuko Maintainer

_______________________________________________
Dazuko-devel mailing list
[email protected]
http://lists.nongnu.org/mailman/listinfo/dazuko-devel
