On Sun, Dec 28, 2014 at 10:52:38PM -0500, Jude Nelson wrote:
> Here's a more practical example that hides /dev/input/* and /dev/dri/* from
> every program except the X server (installed to /usr/bin/X):
>
> [vdev-acl]
> bin=/usr/bin/X
> paths=input/.*|dri/.*
> setmode=0666
This seems broken to me... as in, the very idea that you can trust a process because of its executable will give people a false sense of security. If a process runs with your uid, you can have it do anything you want by a number of methods. You can ptrace it, LD_PRELOAD, use an ld of your own, etc. The only way to secure this is to use setuid, but then you already have a better selector to build the ACL on. Thus, I think you'd be better off without bin= stanzas.

-- 
// If you believe in so-called "intellectual property", please immediately
// cease using counterfeit alphabets. Instead, contact the nearest temple
// of Amon, whose priests will provide you with scribal services for all
// your writing needs, for Reasonable and Non-Discriminatory prices.
_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng