[Pkg-zfsonlinux-devel] Bug#888736: Bug#888736: zfs-dkms: assign a seperate group zfsadm to /dev/zfs
Hans Freitag
zem at fnordpol.de
Wed Jan 31 12:04:34 UTC 2018
Hi,
On 29.01.2018 21:17, Richard Laager wrote:
> After 0.7.0, the permissions on /dev/zfs should be set to 0666.
> Obviously the group no longer matters, and so it can be root.
I thought about 0666 too, but that means we have to pretend that the zfs
modules has no bugs ever that can be exploited.
Adding a group zfsadm and use 0660 would add a seperate security layer
in case of any bugs in the zfs module that can be used to escalate
priviledges. Even audio has its own group, and I would consider that
device far less risky than a filsystem tool.
regards
Hans
More information about the Pkg-zfsonlinux-devel
mailing list