Bug#304476: udev: LVM2 LVs created with wrong ownership / permissions

Lionel Elie Mamane lionel at mamane.lu
Tue Aug 30 12:03:17 UTC 2005


On Sun, Apr 17, 2005 at 05:13:44PM +0200, Bastian Blank wrote:
> On Sun, Apr 17, 2005 at 03:46:35PM +0200, Lionel Elie Mamane wrote:

>> For one, it forces backup programs to run as root, instead of
>> another user ID member of "disk". This makes stepping up from a
>> compromise of the backup server to a full root compromise of the
>> backed-up machines far easier, when using a partition-based network
>> backup system.

> Write access to the devices is mostly equivalent to root. Better use
> CAP_DAC_READ.

This may be better in some abstract sense, but in a practical sense,
with capabilities as implemented in Linux, it needs modifying all
backup programs (or running them as root), because if they don't do
special Linux-specific things via prctl(), they'll lose any capability
you may have bestowed on them when they setuid() to a non-privileged
user.

Besides, for partition-level backup, arguably regular rights to read
the device are better (because more fine-grained) than blanket rights
to read all. (Although theoretically, reading the device means you can
read anything, it makes it _harder_ for the attacker. That's always
something gained.)

That's no _practical_ solution, _right_ _now_.

-- 
Lionel
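The capability loss Lionel describes above, shown as an added example that is not part of this thread: a small C program that checks whether CAP_DAC_READ_SEARCH (the kernel's actual name for what the quoted reply calls CAP_DAC_READ) is effective before and after setuid(), with and without the prctl(PR_SET_KEEPCAPS) opt-in. It assumes Linux with linux/capability.h; the target UID 65534 is a constructed value, and only a process started with the capability will show the "before" bit set.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/capability.h>

/* Raw capget/capset via syscall(2): glibc ships no wrappers. API v3 uses two
 * 32-bit words per set; CAP_DAC_READ_SEARCH is bit 2, so it lives in word 0. */
static int read_caps(struct __user_cap_data_struct d[2]) {
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    return (int)syscall(SYS_capget, &h, d);
}
static int write_caps(struct __user_cap_data_struct d[2]) {
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    return (int)syscall(SYS_capset, &h, d);
}
/* 1 if CAP_DAC_READ_SEARCH is in the effective set, 0 if not, -1 on error. */
int dac_read_effective(void) {
    struct __user_cap_data_struct d[2] = {{0}};
    if (read_caps(d) != 0) return -1;
    return (int)((d[0].effective >> CAP_DAC_READ_SEARCH) & 1u);
}
/* The prctl() opt-in Lionel refers to: keep the permitted set across a UID
 * change. Returns the flag read back with PR_GET_KEEPCAPS, -1 on error. */
int set_keepcaps(int keep) {
    if (prctl(PR_SET_KEEPCAPS, keep, 0, 0, 0) != 0) return -1;
    return prctl(PR_GET_KEEPCAPS, 0, 0, 0, 0);
}
/* Change UID; 0 on success, errno (EPERM when not root) on failure. */
int switch_uid(uid_t uid) { return setuid(uid) == 0 ? 0 : errno; }
/* Even with KEEPCAPS the kernel clears the effective set on setuid(); the
 * program must copy the retained permitted bit back itself via capset(). */
int reraise_dac_read(void) {
    struct __user_cap_data_struct d[2] = {{0}};
    if (read_caps(d) != 0) return -1;
    d[0].effective |= d[0].permitted & (1u << CAP_DAC_READ_SEARCH);
    if (write_caps(d) != 0) return -1;
    return dac_read_effective();
}
int main(int argc, char **argv) {
    int keep = argc > 1;          /* any argument: opt in via prctl() first */
    printf("before setuid: effective=%d keepcaps=%d\n", dac_read_effective(), set_keepcaps(keep));
    int err = switch_uid(65534);  /* constructed target UID ("nobody" on many systems) */
    printf("after setuid:  err=%d effective=%d%s\n", err, dac_read_effective(),
           keep ? " (permitted kept; call reraise_dac_read())" : " (all caps gone)");
    if (keep && err == 0) printf("after capset:  effective=%d\n", reraise_dac_read());
    return 0;
}
```

Run once without and once with an argument from a process that holds CAP_DAC_READ_SEARCH to see the two paths: without the prctl() opt-in the bit is gone after setuid(); with it, the bit survives in the permitted set but still has to be re-raised by the program itself.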