[linux-lvm] lvcreate from a setuid-root binary
Christoph Pleger
christoph.pleger at cs.uni-dortmund.de
Fri Nov 16 16:12:41 UTC 2018
Hello,
> How do you plan to 'authorize' passed command line options ??
My program has no command line options. It just takes PAM_USER from PAM
environment and creates a logical volume /dev/vg1/$PAM_USER, creates a
filesystem and changes directory permissions of the top directory of the
new filesystem.
> lvm2 is designed to be always executed with root privileges - so it's
> believed admin knows how he can destroy his own system.
>
> It is NOT designed/supposed to be used as suid binary - this would
> give user a way to big power to very easily destroy your filesystem
> and gain root privileges (i.e.by overwriting /etc/passwd file)
Either you misunderstood what I mean, or I am misunderstanding what you
mean - I do not set lvcreate suid root, but a program that has only a
small and well defined set of instructions (described above) and that
restricts its execution to only one user (by checking the real uid
before setuid(0)).
Regards
Christoph
More information about the linux-lvm
mailing list