grsec chroot; deny raw access (WAS: RE: chroot() breaks syslog() ?)

From: Oliver Pitzeier (oliver@linux-kernel.at)
Date: Thu Aug 07 2003 - 07:02:58 EST


Oliver Pitzeier <oliver@linux-kernel.at> wrote:
> Herbert Pötzl <herbert@13thfloor.at> wrote:
> [ ... ]
> > hmm, how will you avoid creation of special (devicenodes)
> > files if I have raw access to any partition? I can 'simply'
> > use xxd to create my special inodes on the medium ... and I
> > would not care if mount is enabled or not when I wipe the
> > root partition with dd ...
>
> AFAIK, there are possibilities to deny _RAW_ access to
> partitions, while in a chroot-jail... If not, I'll tell the
> grsec-team to implement a new feature. :)

I had contact with one of the grsec folks. He told me that it IS
possible, if you have enabled the ACL system...

The original mail he sent me was:

> I noticed your lkml post. grsecurity will indeed deny raw
> access to block devices in a chroot, but only if the ACL
> system is enabled.

Herbert, I hope that helps? :)

Best regards,
 Oliver




This archive was generated by hypermail 2b29 : Thu Aug 07 2003 - 22:00:37 EST