Author: Isaac Dunham Date: To: Noel Torres CC: dng Subject: Re: [Dng] vdev update and design document
On Wed, Jan 14, 2015 at 07:56:15AM +0000, Noel Torres wrote:
> On Friday, 2 January 2015 19:43:04 Jude Nelson wrote:
> > Hi Luke,
> >
> > I should point out, the ACL criteria for matching processes do not all have
> > to be specified, specifically for the reason you point out. Using the
> > SHA256 to match the process should be a tool of last resort, useful only
> > when the executable's path, inode number, and PID listing commands are
> > unreliable (for example, a program that runs from an arbitrary location but
> > for which no PID listing program can be created). Also, taking the SHA256
> > would be very slow compared to the other criteria. I'll update the design
> > document to emphasize that vdev does not need all of the criteria to be
> > set--just the ones that describe the class of processes the ACL affects.
> >
> > As much as I would like to revoke file descriptors, I'm afraid there's no
> > way to do this that I know of without the kernel's help (but I'd love to
> > learn of one). Systemd-logind has the same problem--once a process opens a
> > file descriptor, another process can't force it to close it (i.e. with
> > systemd-logind, the client can simply dup(2) the file descriptor before
> > systemd-logind closes it). FreeBSD has revoke(2), but AFAIK there is no
> > equivalent syscall for Linux.
>
> Just a wild idea...
>
> We could use /dev-real for the device nodes and /dev for named pipes pointing
> to the device nodes. The named pipes can be connected or disconnected at will,
> depending on the invoking process, while specialized programs (or root) could
> just lurk around /dev-real if something needs to be debugged. This works for
> reading and writing, but not for locking or ioctl, I know, but it is an
> idea...
This will instantly break:
- mount
- OSS and ALSA audio (note that these both expect a device in /dev).
- anything that manipulates block devices/partitions
- anything that checks device type/major/minor
  e.g., one could check that /dev/*random has the right major and minor.
I don't know if it would work with ttys/ptys.
> Just two (euro) cents
>
> er Envite
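The last objection above (programs that check device type and major/minor) can be made concrete. The following is an added example, not code from the thread or from vdev: a small C check that a path is a real character device with the expected numbers, which is exactly the kind of check a named pipe standing in for /dev/urandom would fail. The function names (check_char_device, make_demo_fifo, demo_fifo_is_not_chr) are hypothetical helpers written for this example; the device numbers 1:3 for /dev/null, 1:8 for /dev/random and 1:9 for /dev/urandom are the fixed Linux assignments. The FIFO is created under a constructed /tmp path so nothing in the real /dev is touched.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/sysmacros.h>
#include <sys/types.h>
#include <unistd.h>

/* Result codes for the device node check (hypothetical helper, not vdev code). */
enum devcheck {
    DEV_OK = 0,         /* character device with the expected major/minor */
    DEV_STAT_FAILED,    /* path does not exist or cannot be stat'ed */
    DEV_NOT_CHR,        /* exists but is not a character device (e.g. a FIFO) */
    DEV_WRONG_NUMBERS   /* character device, but major/minor differ */
};

/* Verify that `path` is a character device node carrying the expected
 * major/minor. stat() (not lstat) is used on purpose: /dev entries are
 * allowed to be symlinks, but whatever they resolve to must be a real node. */
enum devcheck check_char_device(const char *path,
                                unsigned expect_major, unsigned expect_minor)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return DEV_STAT_FAILED;
    if (!S_ISCHR(st.st_mode))           /* a FIFO or regular file fails here */
        return DEV_NOT_CHR;
    if (major(st.st_rdev) != expect_major || minor(st.st_rdev) != expect_minor)
        return DEV_WRONG_NUMBERS;
    return DEV_OK;
}

/* Create a FIFO at a constructed temporary path (not in /dev) so the check
 * can be demonstrated against a named pipe. Returns 0 on success. */
int make_demo_fifo(char *path, size_t len)
{
    snprintf(path, len, "/tmp/devcheck-demo-%ld.fifo", (long)getpid());
    unlink(path);                        /* drop any leftover from an earlier run */
    return mkfifo(path, 0600);
}

/* Run the check against a freshly created FIFO that claims to be "urandom".
 * Returns the devcheck result, or -1 if the FIFO could not be created. */
int demo_fifo_is_not_chr(void)
{
    char fifo[128];
    if (make_demo_fifo(fifo, sizeof fifo) != 0)
        return -1;
    int result = (int)check_char_device(fifo, 1, 9);   /* expect DEV_NOT_CHR */
    unlink(fifo);
    return result;
}

int main(void)
{
    /* Real nodes on a Linux system: these should report DEV_OK (0). */
    printf("/dev/null    (1:3) -> %d\n", check_char_device("/dev/null", 1, 3));
    printf("/dev/random  (1:8) -> %d\n", check_char_device("/dev/random", 1, 8));
    printf("/dev/urandom (1:9) -> %d\n", check_char_device("/dev/urandom", 1, 9));
    /* A named pipe in place of the node is rejected before numbers are compared. */
    printf("FIFO posing as urandom -> %d (DEV_NOT_CHR is %d)\n",
           demo_fifo_is_not_chr(), DEV_NOT_CHR);
    return 0;
}
```

A program that opens /dev/urandom through a FIFO would also see the pipe semantics (blocking until a writer appears, no ioctl such as RNDGETENTCNT), but the stat-based check above fails before any I/O happens, which is why the /dev-real scheme is visible to anything that validates its device nodes.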