Re: write-permission check for root

From: Thomas 'Dent' Mirlacher (dent@cosy.sbg.ac.at)
Date: Thu Jun 13 2002 - 08:55:45 EST


dick,

> > i was wondering if if it's reasonable to disable root write access
> > for procfs,driverfs files (which have file permissions set to read
> > only)
>
> It is never reasonable. Check what root can do with any file...

yes, for the normal filesystem it's reasonable - procfs and driverfs
are a different thing. (if you want everyone just to read the value,
you mean everyone - even root)

procfs _does_ implement a check for that, it's only driverfs which doesn't
(for now) ... and i just wanted to know if there's a reason for that.

--snip/snip

> The ability for root to do anything, including ignoring file-permissions,
> is not going to go away.

it is gone already. (try to change /proc/version ;), also the capabilities
are there to not allow _everything_ for root (but that's not neccesarily an
fs issue)

thanks,

        tm

-- 
in some way i do, and in some way i don't.

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Sat Jun 15 2002 - 22:00:28 EST