Bug#304476: udev: LVM2 LVs created with wrong ownership / permissions

Lionel Elie Mamane lionel at mamane.lu
Tue Aug 30 12:03:17 UTC 2005

On Sun, Apr 17, 2005 at 05:13:44PM +0200, Bastian Blank wrote:
> On Sun, Apr 17, 2005 at 03:46:35PM +0200, Lionel Elie Mamane wrote:

>> For one, it forces backup programs to run as root, instead of
>> another user ID member of "disk". This makes stepping up from a
>> compromise of the backup server to a full root compromise of the
>> backuped machines far easier, when using a partition-based network
>> backup system.

> Write access to the devices is mostly equivalent to root. Better use

This may be better in some abstract sense, but in a practical sense,
with capabilities as implemented in Linux, it needs modifying all
backup programs (or running them as root), because if they don't do
special linux-specific things via prctl(), they'll lose any capability
you may have bestowed on them when they setuid() to a non-privileged

Besides, for partition-level backup, arguably regular rights to read
the device are better (because more fine-grained) than blanket rights
to real all. (Although theoretically, reading the device means you can
read anything, it makes it _harder_ for the attacker. That's a always
something gained.)

That's no _practical_ solution, _right_ _now_.


More information about the pkg-lvm-maintainers mailing list