Author: Adam Borowski Date: To: dng Subject: Re: [Dng] Device management [WAS: system scripting language.]
On Sun, Dec 28, 2014 at 10:52:38PM -0500, Jude Nelson wrote:
> Here's a more practical example that hides /dev/input/* and /dev/dri/* from
> every program except the X server (installed to /usr/bin/X):
>
> [vdev-acl]
> bin=/usr/bin/X
> paths=input/.*|dri/.*
> setmode=0666
This seems broken to me... as in, the very idea that you can trust a process
because of its executable will give people a false sense of security.
If a process runs with your uid, you can have it do anything you want
by a number of methods. You can ptrace it, LD_PRELOAD, use a ld of your
own, etc.
The only way to secure this is to use setuid, but then you already have
a better selector to build the ACL on.
Thus, I think you'd be better off without bin= stanzas.
--
// If you believe in so-called "intellectual property", please immediately
// cease using counterfeit alphabets. Instead, contact the nearest temple
// of Amon, whose priests will provide you with scribal services for all
// your writing needs, for Reasonable and Non-Discriminatory prices.