On 01/26/15 12:41, Simon McVittie wrote:
> On 24/01/15 10:09, Topi Miettinen wrote:
>> For example, smartd only needs access to /dev/sd*.
>
> Let me spell that differently: smartd "only" needs the ability to make
> arbitrary filesystem changes, defeating any possible configurable
> security mechanism.

Not exactly: it only needs read access. Depending on the system, that
could be very different from being able to make arbitrary filesystem
changes.

> If you give it access to /dev/sd* but not to other devices, what
> security or safety have you actually gained, compared with giving it all
> of /dev?

Maybe nothing. But why should smartd be able to access any other devices?

> Admittedly, there are better examples, like saned only needing access to
> USB scanners (plus SCSI scanners, serial ports and parallel ports if you
> care about older hardware). I suspect device permissions are a rather
> better answer for finer-grained access control than "all or nothing",
> though.

If a device does not exist at all, it's harder to access it than if only
device permissions and/or SELinux protect it. Not impossible, but harder.

-Topi

> S
>
> _______________________________________________
> systemd-devel mailing list
> systemd-devel@lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/systemd-devel
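Editor's note: the position Topi takes above (read-only access to the SCSI disks, nothing else from /dev) maps directly onto the device-access settings documented in systemd.resource-control(5) and systemd.exec(5). The drop-in below is an added example, not something posted in the thread or shipped by smartmontools or systemd. It assumes the service is called smartd.service (Debian names it smartmontools.service) and follows the thread's premise that read access is enough for SMART polling.

```ini
# /etc/systemd/system/smartd.service.d/devices.conf
# Added example, not from the thread. Unit name "smartd.service" is an
# assumption; adjust for distributions that name it differently.
[Service]
# "closed": start from an empty whitelist plus the standard pseudo-devices
# (/dev/null, /dev/zero, /dev/full, /dev/random, /dev/urandom, /dev/tty,
# /dev/ptmx). "strict" would allow only what DeviceAllow= lists.
DevicePolicy=closed

# Whitelist the whole SCSI-disk device group, i.e. the "sd" line in
# /proc/devices. This covers every /dev/sd* node, including disks
# hot-plugged after the service started, without path globbing.
# The access string is a subset of r (read), w (write), m (mknod);
# "r" alone is Topi's "read access only".
DeviceAllow=block-sd r

# For comparison, the two ends of Simon's "all or nothing":
#   - the default, DevicePolicy=auto with no DeviceAllow=, leaves every
#     device node reachable (cgroup device controller imposes nothing);
#   - PrivateDevices=yes mounts a private /dev holding only pseudo-devices,
#     so /dev/sd* does not exist inside the service at all (Topi's
#     "does not exist" case). That is the stronger setting, but it would
#     break smartd, which is why the whitelist above is used instead.
```

After `systemctl daemon-reload` and `systemctl restart smartd.service`, `systemctl show smartd.service -p DevicePolicy -p DeviceAllow` prints the effective policy. Note that this is the device cgroup controller, so it gates open(2) and mknod(2) on device nodes; it does not by itself replace the file-mode, ACL or SELinux checks on the nodes, it stacks in front of them.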