> > $> cat /etc/udev/rules.d/80-ib-umad.rules > > KERNEL=="umad*", NAME="infiniband/%k", MODE="0666"
> It is not the same. Your propose to expose /dev/infiniband/umad device > access to all world, which is obviously even more dangerous than SUIDing > diagnostic programs. Well, different threats. Making umad files world-writable means anyone can inject whatever MADs they want to into the fabric. On the other hand, if an arbitrary code execution security hole is found in a diagnostic program, then having it SUID root means the hole becomes a local root exploit. It's hard to assess which is really more dangerous. -- Roland Dreier <[email protected]> || For corporate legal information go to: http://www.cisco.com/web/about/doing_business/legal/cri/index.html _______________________________________________ ewg mailing list [email protected] http://lists.openfabrics.org/cgi-bin/mailman/listinfo/ewg
