Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Thu, 13 Jun 2002 09:55:50 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Thu, 13 Jun 2002 09:55:49 -0400 Received: from loewe.cosy.sbg.ac.at ([141.201.2.12]:60112 "EHLO loewe.cosy.sbg.ac.at") by vger.kernel.org with ESMTP id ; Thu, 13 Jun 2002 09:55:48 -0400 Date: Thu, 13 Jun 2002 15:55:45 +0200 (MET DST) From: "Thomas 'Dent' Mirlacher" To: "Richard B. Johnson" cc: Linux-Kernel ML Subject: Re: write-permission check for root In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org dick, > > i was wondering if if it's reasonable to disable root write access > > for procfs,driverfs files (which have file permissions set to read > > only) > > It is never reasonable. Check what root can do with any file... yes, for the normal filesystem it's reasonable - procfs and driverfs are a different thing. (if you want everyone just to read the value, you mean everyone - even root) procfs _does_ implement a check for that, it's only driverfs which doesn't (for now) ... and i just wanted to know if there's a reason for that. --snip/snip > The ability for root to do anything, including ignoring file-permissions, > is not going to go away. it is gone already. (try to change /proc/version ;), also the capabilities are there to not allow _everything_ for root (but that's not neccesarily an fs issue) thanks, tm -- in some way i do, and in some way i don't. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/