On Tue, 11 Jun 2002, Thomas 'Dent' Mirlacher wrote:
> hi list,
>
> i was wondering if it's reasonable to disable root write access
> for procfs, driverfs files (which have file permissions set to read
> only)

It is never reasonable. Check what root can do with any file...

Script started on Thu Jun 13 08:56:22 2002
# >foo
# ls -la
total 12
drwxrwxrwx 2 root root 4096 Jun 13 08:56 .
drwxr-xr-x 24 root root 4096 Jun 13 04:09 ..
-rw-rw-rw- 1 root root 4 Jun 13 08:49 .811.117b9a
-rw-r--r-- 1 root root 0 Jun 13 08:56 foo
-rw-r--r-- 1 root root 0 Jun 13 08:56 typescript
# chmod 444 foo # File set to Readonly
# ls -la
total 12
drwxrwxrwx 2 root root 4096 Jun 13 08:56 .
drwxr-xr-x 24 root root 4096 Jun 13 04:09 ..
-rw-rw-rw- 1 root root 4 Jun 13 08:49 .811.117b9a
-r--r--r-- 1 root root 0 Jun 13 08:56 foo
-rw-r--r-- 1 root root 0 Jun 13 08:56 typescript
# ls -la >foo # Now, root can write to a readonly file.
# ls -la
total 16
drwxrwxrwx 2 root root 4096 Jun 13 08:56 .
drwxr-xr-x 24 root root 4096 Jun 13 04:09 ..
-rw-rw-rw- 1 root root 4 Jun 13 08:49 .811.117b9a
-r--r--r-- 1 root root 316 Jun 13 08:56 foo
-rw-r--r-- 1 root root 0 Jun 13 08:56 typescript
# cat foo
total 12
drwxrwxrwx 2 root root 4096 Jun 13 08:56 .
drwxr-xr-x 24 root root 4096 Jun 13 04:09 ..
-rw-rw-rw- 1 root root 4 Jun 13 08:49 .811.117b9a
-r--r--r-- 1 root root 0 Jun 13 08:56 foo
-rw-r--r-- 1 root root 0 Jun 13 08:56 typescript
# exit
exit
Script done on Thu Jun 13 08:57:06 2002

The ability for root to do anything, including ignoring file-permissions,
is not going to go away.

Cheers,
Dick Johnson
Penguin : Linux version 2.4.18 on an i686 machine (797.90 BogoMips).
Windows-2000/Professional isn't.
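
Added example, not part of the original post: a small C probe that repeats the transcript's experiment programmatically, comparing what the mode bits of a 0444 file say with what the kernel actually decides for the calling process (on Linux the bypass is the CAP_DAC_OVERRIDE capability). The function names and the /tmp scratch path are hypothetical choices for this illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if the owner/group/other mode bits alone grant this process write access.
 * Supplementary groups and ACLs are ignored to keep the example short. */
int mode_bits_allow_write(const struct stat *st)
{
    if (st->st_uid == geteuid())
        return (st->st_mode & S_IWUSR) != 0;
    if (st->st_gid == getegid())
        return (st->st_mode & S_IWGRP) != 0;
    return (st->st_mode & S_IWOTH) != 0;
}

/* 1 if the kernel really lets this process open the file for writing. */
int kernel_allows_write(const char *path)
{
    int fd = open(path, O_WRONLY);
    if (fd >= 0)
        close(fd);
    return fd >= 0;
}

/* Create a 0444 scratch file, like "foo" in the transcript, and compare.
 * Returns 1 if the write is allowed although the bits deny it (privileged
 * caller), 0 if it is denied as the bits say, -1 on setup error. */
int probe_readonly_file(void)
{
    char path[] = "/tmp/ro-probe-XXXXXX"; /* constructed scratch path */
    struct stat st;
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    close(fd);
    if (chmod(path, 0444) != 0 || stat(path, &st) != 0 || mode_bits_allow_write(&st)) {
        unlink(path);
        return -1;
    }
    int allowed = kernel_allows_write(path);
    unlink(path);
    return allowed;
}

int main(void)
{
    printf("euid=%ld mode=0444 write_allowed=%d\n", (long)geteuid(), probe_readonly_file());
}
```

An audit that only reads mode bits would report this file as protected in both cases; run as an unprivileged user the probe returns 0, run as root it returns 1.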