Date: Mon, 26 Feb 2024 03:11:05 +0000 From: bugzilla-noreply@freebsd.org To: geom@FreeBSD.org Subject: [Bug 277228] Device permissions security hole with partitioning (/dev/geom.ctl) Message-ID: <bug-277228-14739-QAkNpXvB6k@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-277228-14739@https.bugs.freebsd.org/bugzilla/> References: <bug-277228-14739@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D277228 --- Comment #5 from Vincent Stemen <vince.bsd@hightek.org> --- Are there any architectural limitations that would prevent you from making gpart run under setuid or setgid using the same group ID as geom.ctl (something other than operator, so that drives can still belong to operator group for backups. etc), then let gpart check the permissions on the individual devices before allowing you to modify the partition table? It seems that that you could do this with any tool that needs *.ctl permissions. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-277228-14739-QAkNpXvB6k>