| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 25 Oct 2007 12:23:28 +0200 From: "Bram Neijt" <bneijt@...il.com> To: linux-ext4@...r.kernel.org Subject: Re: User permissions or UID/GIDs for portable disks? First of all thank you for your reply. To your question about allowing users to access/write to your files, I would awnser yes. This is the whole point: allowing the owner of the object full access without root privileges. I want to be able to substitute a floppy or rewritable CD with an usbstick. Giving the device to somebody will allow them to go any terminal with root access and do anything they want anyway (unless I use encryption). As I see it, the problem is that only the creator/owner of the portable media knows what should be allowed by a non-root user when it is plugged into another system. When I use it as a portable data system for file interchange (like a rewritable cdrom or an old-fashioned floppy), there is no way of telling the receiving system that it should allow users to modify anything on this device. Without, mind you, allowing any user of the system to modify anything on all USB attached devices. Those devices may be usb disks with critical work data that should be read-only for any work colleague but me. One solution I can come up with, which would push the problem a level higher, is by using a special disk label or UUID. But using a special UUID for all "read and write anywhere" usb media, would probably violate the whole "unique" idea about it ;-). A special label would suffice, but may be perceived as ugly. So the best solution I can come up with: make all attached media with a point at the end of their label user owned. Because I have the idea it should either be a globally agreed method on every system I encounter or it should be something I can convey in the filesystem/attributes when formatting, I thought I would ask everybody on this list about it. Greets, Bram PS As soon as anyboby feels that this discussion should not be held on this mailinglist, please feel free to kindly redirect me to another location. On 10/25/07, Eric <erpo41@...il.com> wrote: > On Wed, 2007-10-24 at 20:10 +0200, Bram Neijt wrote: > > One of the best solutions I can come up with is if the filesystem > > would allow for a switch that would help ignore these permissions as > > part of the filesystem. > > Ignoring file permissions on removable, user-supplied media sounds like > something that ought to be done above the level of individual > filesystems, just like how we ignore device files and suid/sgid files in > certain cases. Maybe this is something that ought to be one level up > from the ext2/3/4 filesystem driver? > > In any case, this raises interesting questions. If we ignore permissions > on removable media, then anyone logged into your work computer (to which > you do not have root access) will be able to muck about with your files. > Is that something you want? > > Cheers, > > Eric > > > - To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists