Message-ID: <46c2f4ab0710250323y28107ce7qf13b608954f86c4f@mail.gmail.com>
Date:	Thu, 25 Oct 2007 12:23:28 +0200
From:	"Bram Neijt" <bneijt@...il.com>
To:	linux-ext4@...r.kernel.org
Subject: Re: User permissions or UID/GIDs for portable disks?

First of all thank you for your reply.

To your question about allowing users to access/write to your files, I
would answer yes. This is the whole point: allowing the owner of the
object full access without root privileges. I want to be able to
substitute a floppy or rewritable CD with a USB stick. Giving the
device to somebody will allow them to go to any terminal with root access
and do anything they want anyway (unless I use encryption).

As I see it, the problem is that only the creator/owner of the
portable media knows what should be allowed by a non-root user when it
is plugged into another system. When I use it as a portable data
system for file interchange (like a rewritable cdrom or an
old-fashioned floppy), there is no way of telling the receiving system
that it should allow users to modify anything on this device. Without,
mind you, allowing any user of the system to modify anything on all
USB attached devices. Those devices may be usb disks with critical
work data that should be read-only for any work colleague but me.

One solution I can come up with, which would push the problem a level
higher, is by using a special disk label or UUID. But using a special
UUID for all "read and write anywhere" usb media, would probably
violate the whole "unique" idea about it ;-). A special label would
suffice, but may be perceived as ugly. So the best solution I can come
up with: make all attached media with a point at the end of their
label user owned.

Because I have the idea it should either be a globally agreed method
on every system I encounter or it should be something I can convey in
the filesystem/attributes when formatting, I thought I would ask
everybody on this list about it.

Greets,
  Bram

PS As soon as anybody feels that this discussion should not be held on
this mailing list, please feel free to kindly redirect me to another
location.

On 10/25/07, Eric <erpo41@...il.com> wrote:
> On Wed, 2007-10-24 at 20:10 +0200, Bram Neijt wrote:
> > One of the best solutions I can come up with is if the filesystem
> > would allow for a switch that would help ignore these permissions as
> > part of the filesystem.
>
> Ignoring file permissions on removable, user-supplied media sounds like
> something that ought to be done above the level of individual
> filesystems, just like how we ignore device files and suid/sgid files in
> certain cases. Maybe this is something that ought to be one level up
> from the ext2/3/4 filesystem driver?
>
> In any case, this raises interesting questions. If we ignore permissions
> on removable media, then anyone logged into your work computer (to which
> you do not have root access) will be able to muck about with your files.
> Is that something you want?
>
> Cheers,
>
> Eric
>
>
>