SuperUser permission for the Driver??

Carl-Daniel Hailfinger c-d.hailfinger.devel.2006 at gmx.net
Wed Jun 25 08:01:38 EDT 2008


On 25.06.2008 08:07, Michael Stone wrote:
> We have an activity that wants superuser privilege in order to poke
> kernel memory.
>

Hello? Please take the poor activity out back and shoot it. No activity
has any business poking kernel memory.

> The real questions we should be attempting to address here include:
>
> * Who is granting privilege to this activity?
>

Everybody who wants to ridicule the security model.

> * How are they doing so?
>
> * How should we record the decision?
>
>      -  My tentative answer is that we should store activities with
>         different security properties in well-known directory chains
>         with appropriately restricted write access.
>
> * What kinds of abuse are these mechanisms vulnerable to?
>
> * Whose responsibility is it to handle the error condition that the
>   human operator does not, him-or-herself, possess superuser privilege,
>   e.g. for theft-deterrence reasons?
>

Just say no.

Having an activity poke kernel memory is a really strong sign that the
interface is totally broken.

Regards,
Carl-Daniel
