Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Thu, 13 Jun 2002 08:58:26 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Thu, 13 Jun 2002 08:58:25 -0400 Received: from chaos.analogic.com ([204.178.40.224]:49797 "EHLO chaos.analogic.com") by vger.kernel.org with ESMTP id ; Thu, 13 Jun 2002 08:58:25 -0400 Date: Thu, 13 Jun 2002 09:00:12 -0400 (EDT) From: "Richard B. Johnson" Reply-To: root@chaos.analogic.com To: "Thomas 'Dent' Mirlacher" cc: Linux-Kernel ML Subject: Re: write-permission check for root In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 11 Jun 2002, Thomas 'Dent' Mirlacher wrote: > hi list, > > i was wondering if if it's reasonable to disable root write access > for procfs,driverfs files (which have file permissions set to read > only) It is never reasonable. Check what root can do with any file... Script started on Thu Jun 13 08:56:22 2002 # >foo # ls -la total 12 drwxrwxrwx 2 root root 4096 Jun 13 08:56 . drwxr-xr-x 24 root root 4096 Jun 13 04:09 .. -rw-rw-rw- 1 root root 4 Jun 13 08:49 .811.117b9a -rw-r--r-- 1 root root 0 Jun 13 08:56 foo -rw-r--r-- 1 root root 0 Jun 13 08:56 typescript # chmod 444 foo # File set to Readonly # ls -la total 12 drwxrwxrwx 2 root root 4096 Jun 13 08:56 . drwxr-xr-x 24 root root 4096 Jun 13 04:09 .. -rw-rw-rw- 1 root root 4 Jun 13 08:49 .811.117b9a -r--r--r-- 1 root root 0 Jun 13 08:56 foo -rw-r--r-- 1 root root 0 Jun 13 08:56 typescript # ls -la >foo # Now, root can write to a readonly file. # ls -la total 16 drwxrwxrwx 2 root root 4096 Jun 13 08:56 . drwxr-xr-x 24 root root 4096 Jun 13 04:09 .. -rw-rw-rw- 1 root root 4 Jun 13 08:49 .811.117b9a -r--r--r-- 1 root root 316 Jun 13 08:56 foo -rw-r--r-- 1 root root 0 Jun 13 08:56 typescript # cat foo total 12 drwxrwxrwx 2 root root 4096 Jun 13 08:56 . drwxr-xr-x 24 root root 4096 Jun 13 04:09 .. -rw-rw-rw- 1 root root 4 Jun 13 08:49 .811.117b9a -r--r--r-- 1 root root 0 Jun 13 08:56 foo -rw-r--r-- 1 root root 0 Jun 13 08:56 typescript # exit exit Script done on Thu Jun 13 08:57:06 2002 The ability for root to do anything, including ignoring file-permissions, is not going to go away. Cheers, Dick Johnson Penguin : Linux version 2.4.18 on an i686 machine (797.90 BogoMips). Windows-2000/Professional isn't. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/