Bug#304476: udev: LVM2 LVs created with wrong ownership / permissions

Bastian Blank <waldi@debian.org>, 304476@bugs.debian.org
Sun, 17 Apr 2005 17:13:44 +0200


On Sun, Apr 17, 2005 at 03:46:35PM +0200, Lionel Elie Mamane wrote:
> For one, it forces backup programs to run as root, instead of another
> user ID member of "disk". This makes stepping up from a compromise of
> the backup server to a full root compromise of the backed-up machines
> far easier, when using a partition-based network backup system.

Write access to the devices is mostly equivalent to root. Better use
CAP_DAC_READ.

Bastian

-- 
Phasers locked on target, Captain.
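
Added example, not part of the original message or of udev/LVM2: a small audit that reports which block device nodes grant read or write access beyond the owner, which is the distinction the exchange above turns on. The default directory `/dev/mapper` and the verdict labels are assumptions chosen for illustration.

```python
import grp
import os
import stat


def assess(mode):
    """Classify a node's st_mode by what non-owners can do with it."""
    if not stat.S_ISBLK(mode):
        return "not-block-device"
    if mode & stat.S_IWOTH:
        return "world-writable"        # any local user can rewrite the volume
    if mode & stat.S_IWGRP:
        return "group-writable"        # per the thread: close to root for group members
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        return "readable-by-non-owner"  # raw read of the whole volume, no write
    return "owner-only"


def audit(directory="/dev/mapper"):
    """Return (path, octal mode, group name, verdict) for each block device found."""
    findings = []
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        try:
            st = os.stat(path)  # follows symlinks, e.g. to /dev/dm-N
        except OSError:
            continue  # node vanished or dangling symlink
        verdict = assess(st.st_mode)
        if verdict == "not-block-device":
            continue
        try:
            group = grp.getgrgid(st.st_gid).gr_name
        except KeyError:
            group = str(st.st_gid)  # gid without a group entry
        findings.append((path, oct(stat.S_IMODE(st.st_mode)), group, verdict))
    return findings


if __name__ == "__main__":
    for path, mode, group, verdict in audit():
        print(f"{path}\t{mode}\tgroup={group}\t{verdict}")
```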
