cdrecord permission problems
Alan Cox
alan at lxorguk.ukuu.org.uk
Mon Jul 7 18:17:07 UTC 2008
> I recently read a paper about the role base security now in the kernel.
> Would your last statement be true under that scenario? That is, if a cd role was
> created as restricted as it could be? Would it be true if the role was combined
> with SELinux?
I'd still be able to patch the firmware to make the drive hand back a
fake bootable image which hacked the box before Linux ever ran (assuming
the CD drive was in the boot order)
The right answer is to have patches to let HAL update the command table
according to the drive identity. So far nobody has considered it
important enough to produce some (that I've seen anyway).
You might want to combine that with role based security or SELinux rules
Alan
More information about the fedora-list
mailing list