[Nut-upsdev] Re: [nut-commits] svn commit r831 - in trunk: .
Peter Selinger
selinger at mathstat.dal.ca
Mon Mar 5 15:57:16 CET 2007
Charles Lepple wrote:
>
> In general, when you want to isolate the amount of damage that a
> process can do, you don't give that process ownership of a file,
> device node or socket - you just give it group read-write permission.

I just committed the change that makes --with-group mandatory if
--with-user is given (and vice versa). But I still don't understand
the argument in favour of using groups, not users, for file
ownership. What damage can a process do by owning a file, rather than
having read-write permission to it? Is there something that file
owners can do that group members can't? Changing the file's
permissions, perhaps?

-- Peter

> That said, I'm not sure what the practical difference is, besides
> making it harder for someone trying to exploit a potential buffer
> overrun in the driver. It's complicated further by the fact that some
> of the distributions are still using /proc/bus/usb (usbdevfs), and
> others are using udev to create a regular directory with links and
> character device nodes that point to the same things that usbdevfs
> points to.
>
> --
> - Charles Lepple
>
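
Added example, not part of the original thread or of the NUT code base: a Python sketch of the ownership versus group read-write distinction discussed above. It classifies how a process reaches a file and shows that an owner can grant itself access again after every permission bit has been cleared. The uid 1001, gid 2001 and the sample device node are constructed values, and all function names are hypothetical.

```python
import os
import stat
import tempfile
from types import SimpleNamespace

# Constructed sample: a character device node owned by root, group 2001, mode 0660.
SAMPLE_NODE = SimpleNamespace(st_uid=0, st_gid=2001, st_mode=stat.S_IFCHR | 0o660)

def access_kind(st, uid, gids):
    """Classify how a process with (uid, gids) reaches the file described by st."""
    if st.st_uid == uid:
        return "owner"  # may chmod(2) the file, whatever the mode bits say
    if st.st_gid in gids:
        rw = stat.S_IRGRP | stat.S_IWGRP
        return "group-rw" if st.st_mode & rw == rw else "group-limited"
    return "other"

def owner_can_restore_access(path):
    """Clear every permission bit, then grant access back.

    Both chmod calls succeed only for the file's owner (or root); a process
    that merely belongs to the file's group gets EPERM on either call.
    """
    os.chmod(path, 0o000)
    os.chmod(path, 0o660)
    return stat.S_IMODE(os.stat(path).st_mode)

def demo():
    """Create a scratch file we own, classify it, and restore its mode."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        kind = access_kind(os.stat(path), os.getuid(), set(os.getgroups()))
        return kind, owner_can_restore_access(path)
    finally:
        os.remove(path)

if __name__ == "__main__":
    # Driver user 1001 in group 2001: read-write access without ownership.
    print(access_kind(SAMPLE_NODE, 1001, {2001}))
    print(demo())
```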