[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: cdrecord permission problems

From: Alan Cox <alan lxorguk ukuu org uk>
To: For users of Fedora <fedora-list redhat com>
Cc:
Subject: Re: cdrecord permission problems
Date: Mon, 7 Jul 2008 19:17:07 +0100

> I recently read a paper about the role base security now in the kernel.  
> Would your last statement be true under that scenario?  That is, if a cd role was 
> created as restricted as  it could be?  Would it be true if the role was combined
> with SELinux?

I'd still be able to patch the firmware to make the drive hand back a
fake bootable image which hacked the box before Linux ever ran (assuming
the CD drive was in the boot order)
 
The right answer is to have patches to let HAL update the command table
according to the drive identity. So far nobody has considered it
important enough to produce some (that I've seen anyway).

You might want to combine that with role based security or SELinux rules

Alan

References:
- cdrecord permission problems
  - From: Mike Chambers
- Re: cdrecord permission problems
  - From: Bill Davidsen
- Re: cdrecord permission problems
  - From: Alan Cox
- Re: cdrecord permission problems
  - From: Bill Davidsen
- Re: cdrecord permission problems
  - From: Alan Cox
- Re: cdrecord permission problems
  - From: stan

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]