On Tue, 04 Oct 2005, Marco d'Itri wrote:
> On Oct 04, Henrique de Moraes Holschuh <[EMAIL PROTECTED]> wrote:
> > (2) and (3) above are a hideous race that needs to be fixed. It probably
> Right: use udev.

Good.

> > could be used to gain limited, but still unauthorized access to mass-storage
> > devices for example (I didn't test).
> How?

1. Wait for user to hotplug USB device
2. Maybe slow down the system to a crawl, easily done in most systems
   because almost no one uses CPU limits. This widens the window quite a
   lot because hotplug crawls and eats CPU like a Tron 2.0 resource hog.
   Since as things are we have about a 0.5s window in a reasonably fast
   machine, this pass is quite optional and probably not needed.
3. Open raw device file for reading, it is unprotected at this time
4. Do whatever you want with it, it doesn't matter that hotplug will sooner
   or later chown/chmod it. You already have a valid filehandle.

There are some difficulties on implementing this, but it is hardly
impossible. Still, the current racy setup is so hideous, it should be fixed
on principle alone...

> > In that case, the fix would probably be to get rid of usbfs completely... as
> Done: 2.6.14 will provide /dev/bus/usb/ devices which can be managed
> with udev.

It will be done when we deploy it on Debian and remove the buggy crap we
have right now/apply a workaround for those not using udev/2.6.14.

Are the current udev/hotplug config/agents dealing with USB devices
comprehensive enough that just changing the usbfs mounting to root-only by
default would simply work?

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh
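Added example, not part of the original message or of any hotplug/udev code: a single-process C sketch of why a late chown/chmod cannot close the window described above, next to the create-restrictive-then-loosen ordering that leaves no window. The "node" is a constructed regular file in a temporary directory, and the function names are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* mkdtemp, fchmod */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed stand-in for a device node: a regular file in a private temp dir. */
static char dir[32], path[64];

static int make_node(mode_t mode) {
    strcpy(dir, "/tmp/nodedemoXXXXXX");
    if (!mkdtemp(dir)) return -1;
    snprintf(path, sizeof path, "%s/node", dir);
    int fd = open(path, O_CREAT | O_EXCL | O_WRONLY, mode);
    if (fd >= 0 && write(fd, "S", 1) != 1) { close(fd); fd = -1; }
    return fd;
}
static void cleanup(int fd) { close(fd); unlink(path); rmdir(dir); }

/* Racy order: the node appears permissive and is tightened later.
 * Returns 1 if a descriptor opened inside that window still reads afterwards. */
int early_fd_survives_chmod(void) {
    char c = 0;
    int node = make_node(0666);
    if (node < 0) return -1;
    int early = open(path, O_RDONLY);   /* access is checked here, once */
    if (early < 0) { cleanup(node); return -1; }
    fchmod(node, 0000);                 /* the late chmod step */
    int ok = (read(early, &c, 1) == 1 && c == 'S');
    close(early);
    cleanup(node);
    return ok;
}

/* Safe order: create owner-only, then loosen to the final mode.
 * Returns the group/other permission bits present at creation (expected 0). */
int initial_group_other_bits(mode_t final_mode) {
    struct stat st;
    int node = make_node(0600);
    if (node < 0) return -1;
    int bits = (fstat(node, &st) == 0) ? (int)(st.st_mode & 077) : -1;
    fchmod(node, final_mode);           /* policy applied after the restrictive create */
    cleanup(node);
    return bits;
}
```

File permissions are evaluated at open() time only, so the ordering of "create" and "restrict" is the whole fix: a node that is never more permissive than its final mode has no window to race.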