RE: [rtl] make devices ?
- To: <rtl@fsmlabs.com>
- Subject: RE: [rtl] make devices ?
- From: "Lilja, Michael" <mil@firstmilesystems.com>
- Date: Sat, 15 Dec 2001 16:30:32 +0100
Hi,
I think the problem with mknod is solved. I have made it possible for
the development group to access the mknod command. /dev is writable
only by root.
Thanks,
Michael
-----Original Message-----
From: Calin A. Culianu [mailto:calin@ajvar.org]
Sent: 14. december 2001 17:11
To: rtl@fsmlabs.com
Subject: Re: [rtl] make devices ?
On Thu, 13 Dec 2001, Norm Dresner wrote:
> ----- Original Message -----
> From: Calin A. Culianu <calin@ajvar.org>
> To: <rtl@fsmlabs.com>
> Sent: Thursday, December 13, 2001 5:06 PM
> Subject: Re: [rtl] make devices ?
>
>
> >
> > You can write a small C program to essentially act as a wrapper to the
> > mknod(2) system call. Then set this program to be setuid-root and have it
> > behave correctly as such. Also this allows you to control exactly WHAT
> > devices a user can create.
> >
> > The other alternative that was suggested was to just set the mknod binary
> > to be setuid root. This can have security and safety ramifications, and
> > it may not even work at all (IIRC programs usually need to be
> > setuid-aware). Can you imagine what would happen if a goofy developer who
> > mistyped a major number instead pointed a device node to something like
> > the ide driver rather than an RTF? Then he tries to write to the fifo and
> > POOF, there goes your hard drive! :)
>
> The OP asked how to allow non-root users to access one (or more)
> root-only commands. Every answer to this question (other than "don't
> do it") entails risks. Further, every answer to the question entails
Not true.
> running the mknod binary and therefore carries the same risks.
Not true. man 2 mknod. Write a C program. Setuid it. Make sure it only
knows how to create rtf's and other assorted rtl-related devices. End of
story.
-Calin
>
> Norm
>
>
>
> -- [rtl] ---
> To unsubscribe:
> echo "unsubscribe rtl" | mail majordomo@rtlinux.org OR
> echo "unsubscribe rtl <Your_email>" | mail majordomo@rtlinux.org
> --
> For more information on Real-Time Linux see:
> http://www.rtlinux.org/
>