Re: mkfs continued

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MMike at <-
M 
Attachments:
Message as email
+ (text/plain)
+ (application/pgp-signature)
Delete this message
Reply to this message
Author: Bill Jonas
Date:  
To: plug-discuss
Subject: Re: mkfs continued
On Sat, Mar 20, 2004 at 12:35:36AM -0700, Mike wrote:
> Well he formatted a partition on his drive, and could not write to it. It is
> not like it was root. The only other way I would suggest would be
> chmod 751 ****. I figure there is no network, and no major security issue at
> home, therefore 777 should suffice, especially on new found drive space that
> will most likely be used for storage, but I may be wrong.

Okay, there are two *big* issues here.

1.) The permissions on the device have nothing to do with the
permissions on the filesystem.

2.) It is an *extremely* *bad* idea to allow anyone other than root (and
maybe group disk or something) to have read/write access to hard drive
devices. There are a couple reasons for this. 

    a.) You might well be the only user on the system.  That's fine and
    dandy; what happens now when your security is compromised?


    b.) So you say that you have the system behind the perfect firewall,
    or it's not connected to the 'net, and it's dropping all incoming
    packets, in a concrete-and-lead-lined-room, flawless physical
    security, etc.  Why does it matter then?  Well, what if you make a
    mistake and start writing to the wrong partition?  What if you're
    running some software that has a malicious component to it that
    scribbles on any partition it can?


You might say that this can happen regardless, when you're running as
root and installing software, or whatever. You would be correct, but
your exposure to such disaster would be greatly reduced since you run as
root rarely.

Not to mention that this doesn't solve the problem anyway. See point
number one; you can write to the device itself but still not have any
permission whatsoever on the filesystem itself.

Modifying the permissions on the device in the manner you suggest is not
the answer; it will not only not solve the problem but will also cause
several others. 

-- 
Bill Jonas    *        *    http://www.billjonas.com/
"It's a dangerous business, Frodo, going out your front door.  You step
into the Road,  and if you don't keep your feet,  there  is  no knowing
where you might be swept off to."  --  Bilbo Baggins

This message was posted to the following mailing lists:
Plug Discuss
Mailing List Info | Nearby Messages		<-Re: Gentoo + X + Old ATI Rage Pro cardRe: Gentoo + X + Old ATI Rage Pro card->
Some Mailing List Archive administrated by UnconfiguredLurker (version 2.3)