On Wed, 22 Sep 2010 15:37:50 +0100
Owain Ainsworth <[email protected]> wrote:

> On Wed, Sep 22, 2010 at 11:45:10AM +0100, Kevin Chadwick wrote:
> > On Wed, 22 Sep 2010 11:25:02 +0100
> > Owain Ainsworth <[email protected]> wrote:
> > 
> > > On Tue, Sep 21, 2010 at 06:32:50PM -0700, Matthew Dempsky wrote:
> > > > /dev/tun* are already owned by root and mode 0600 by default, so it
> > > > seems redundant to check suser() in tunopen().
> > > 
> > > Looks like vnd could have the same change for the same reasons.
> > > 
> > > If so I'll whip up the requisite two-liner.
> > > 
> > > -0-
> > > -- 
> > > Computers are useless.  They can only give you answers.
> > >           -- Pablo Picasso
> > > 
> > 
> > I can see potential reasons for changing the user on tun devices and
> > so saw no problem at all. I wonder if it is better however to have the
> > check at runtime for things like vnconfig, could having the wrong user
> > jeopardise an encryption password at all?
> 
> Reading the code, you can do VNDIOCGET, that gets you the filename,
> device and inode of the vnd, that is it. The other ioctls are the
> standard disk ones, create vnd (takes a key) and delete vnd.
> 
> We have device permissions for a reason, I find it questionable to
> redundantly check, if you change permissions to let any man or his dog
> create a vnd, you deserve what you get.
> 
> -0-
> -- 
> Graduate life: It's not just a job.  It's an indenture.
> 

Thanks for checking and I realised that in most cases you'd need to be
root or some planned user and so could probably? read that memory
anyway.

I just imagined it was put there for a reason and don't see what harm it
could do and potentially that it could do good, but I see my
reasoning was wrong and I should have taken time and thought a bit
harder before responding. Could it be to prevent an admin from setting
up a restricted user that is just able to use that device because that
user would gain access to some sensitive memory and so the admin should
set up sudo instead?

Anyway just thought I'd run a possible reason for it being there past
you. Sorry if we find I'm just wasting your time.

Kc
