On Sun, Dec 28, 2014 at 10:52:38PM -0500, Jude Nelson wrote:
> Here's a more practical example that hides /dev/input/* and /dev/dri/* from
> every program except the X server (installed to /usr/bin/X):
>
> [vdev-acl]
> bin=/usr/bin/X
> paths=input/.*|dri/.*
> setmode=0666

This seems broken to me... as in, the very idea you can trust a process
because of its executable will give people a false sense of security.

If a process runs with your uid, you can have it do anything you do want
by a number of methods. You can ptrace it, LD_PRELOAD, use a ld of your
own, etc.

The only way to secure this is to use setuid, but then, you already have
a better way selector to build the ACL on.

Thus, I think you'd be better off without bin= stanzas.

--
// If you believe in so-called "intellectual property", please immediately
// cease using counterfeit alphabets. Instead, contact the nearest temple
// of Amon, whose priests will provide you with scribal services for all
// your writing needs, for Reasonable and Non-Discriminatory prices.