hpa@zytor.com (H. Peter Anvin) wrote on 26.06.01 in <3B395FE5.1070208@zytor.com>:
> Albert D. Cahalan wrote:
>
> >
> > Normal users can use an environment provided for them.
> >
> > While trying to figure out why the "heyu" program would not
> > work on a Red Hat box, I did just this. As root I set up all
> > the device files needed, along Debian libraries and the heyu
> > executable itself. It was annoying that I couldn't try out
> > my chroot environment as a regular user.
> >
> > Creating the device files isn't a big deal. It wouldn't be
> > hard to write a setuid app to make the few needed devices.
> > If we had per-user limits, "mount --bind /dev/zero /foo/zero"
> > could be allowed. One way or another, devices can be provided.
> >
>
>
> Hell no! This would give the user a way to subvert root or other
> system-provided things by having device nodes or such appear where they
> aren't expected. NOT GOOD.
Well, only allow them where you expect them then. That's easy enough.
MfG Kai
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sat Jun 30 2001 - 21:00:15 EST