[Bug 277228] Device permissions security hole with partitioning (/dev/geom.ctl)

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 26 Feb 2024 03:11:05 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277228

--- Comment #5 from Vincent Stemen <vince.bsd@hightek.org> ---

Are there any architectural limitations that would prevent you from making
gpart run under setuid or setgid using the same group ID as geom.ctl
(something other than operator, so that drives can still belong to operator
group for backups. etc), then let gpart check the permissions on the
individual devices before allowing you to modify the partition table?

It seems that that you could do this with any tool that needs *.ctl
permissions.

-- 
You are receiving this mail because:
You are the assignee for the bug.