[plug] USB & kernel questions

Cameron Patrick cameron at patrick.wattle.id.au
Thu Dec 18 12:52:56 WST 2003


On Thu, Dec 18, 2003 at 12:31:12PM +0800, James Devenish wrote:

| > | > mount is (and should be) setuid root
| > | Bzzt. But I imagine it was, by far, clearly the "best effort" at the
| > | time.
| > So how should it be done, then?
| 
| You may, previously, have seen me wheel out the phrase "Some vendors..."
| to avoid summarising all the better designs that are out there and all
| the worse designs that are out there.

Sorry, I was asking that more in the context of "given the limitations
of the 2.2 Linux kernel[1], how could they do better than setuid
mount while still providing the same functionality?".

I shall confess that I really don't have any experience of any other
"some vendors"[2] or what magic they may be using to work around this...

Cameron.

[1] This the oldest kernel version supported by Debian woody, I believe.
Even a 2.4 (and 2.6?) kernel doesn't do much better unless it has the
SE Linux patches installed.

[2] I had a look at the OpenBSD web site to see if I could find any
description of what they did given that they have a reputation for being
paranoid security nutters, but found little besides "we have fewer
setuid binaries than anyone else, *nyah nyah*".  I was mildly amused by
the headline on openbsd.org saying "Only one remote hole in the default
install, in more than 7 years!", though - for some reason I initially
parsed it as implying that they still hadn't patched it after all those
years.




More information about the plug mailing list