Re: [PATCH] udevd - client access authorization

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Greg KH <greg@kroah.com>
To: linux-hotplug@vger.kernel.org
Subject: Re: [PATCH] udevd - client access authorization
Date: Thu, 12 Feb 2004 01:29:39 +0000	[thread overview]
Message-ID: <20040212012939.GF15983@kroah.com> (raw)
In-Reply-To: <20040211030404.GA16931@vrfy.org>

On Thu, Feb 12, 2004 at 01:14:31AM +0100, Kay Sievers wrote:
> On Wed, Feb 11, 2004 at 02:34:32PM -0800, Greg KH wrote:
> > On Wed, Feb 11, 2004 at 04:04:04AM +0100, Kay Sievers wrote:
> > > Here is the badly needed client authorization for udevd.
> > > Since we switched to abstract namespace sockets, we are unable to
> > > control the access of the socket by file permissions.
> > > 
> > > So here we send a ancillary credential message with every datagram,
> > > to be able to verify the uid of the sender. The sender can't fake the
> > > credentials, cause the kernel doesn't allow it for non root users.
> > 
> > Thanks a lot for fixing this up.  I wouldn't want any user to be able to
> > add or remove devices from /dev by just talking through a socket.
> 
> Here is a small improvement. We check for the type of message we receive
> and udevsend seems not to need all the credential setup stuff, the
> kernel will fill it for us.
> 
> udevd now refuses to start as non root, cause it doesn't make any sense.

Applied, thanks.

> Are we changing the mode_t in udev.h to unsigned int now?

I just did that in the tree.

thanks,

greg k-h


-------------------------------------------------------
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id\x1356&alloc_id438&op=click
_______________________________________________
Linux-hotplug-devel mailing list  http://linux-hotplug.sourceforge.net
Linux-hotplug-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-hotplug-devel

     prev parent reply	other threads:[~2004-02-12  1:29 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2004-02-11  3:04 [PATCH] udevd - client access authorization Kay Sievers
2004-02-11 22:34 ` Greg KH
2004-02-12  0:14 ` Kay Sievers
2004-02-12  1:29 ` Greg KH [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20040212012939.GF15983@kroah.com \
    --to=greg@kroah.com \
    --cc=linux-hotplug@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.