SuperUser permission for the Driver??
Carl-Daniel Hailfinger
c-d.hailfinger.devel.2006 at gmx.net
Wed Jun 25 08:01:38 EDT 2008
On 25.06.2008 08:07, Michael Stone wrote:
> We have an activity that wants superuser privilege in order to poke
> kernel memory.
>
Hello? Please take the poor activity out back and shoot it. No activity
has any business poking kernel memory.
> The real questions we should be attempting to address here include:
>
> * Who is granting privilege to this activity?
>
Everybody who wants to ridicule the security model.
> * How are they doing so?
>
> * How should we record the decision?
>
> - My tentative answer is that we should store activities with
> different security properties in well-known directory chains
> with appropriately restricted write access.
>
> * What kinds of abuse are these mechanisms vulnerable to?
>
> * Whose responsibility is it to handle the error condition that the
> human operator does not, him-or-herself, possess superuser privilege,
> e.g. for theft-deterrence reasons?
>
Just say no.
Having an activity poke kernel memory is a really strong sign that the
interface is totally broken.
Regards,
Carl-Daniel
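Michael's tentative proposal above is to keep activities with different security properties in well-known directory chains whose write access is restricted. The check that makes such a scheme meaningful is that no component of the chain from the trusted root down to the activity bundle is writable by anyone but the trusted owner. The following script is an added illustration, not code from this thread or from the Sugar/OLPC project: it walks every component between a root and a bundle path and reports untrusted ownership, group/other write bits, or symlinks. The directory names, the `Example.activity` bundle and the temporary store it builds are constructed for the demonstration.

```python
import os
import stat
import tempfile


def directory_chain_problems(path, root, trusted_uids=(0,)):
    """Return a list of (component, reason) for every directory between
    `root` (exclusive) and `path` (inclusive) that an untrusted user could
    tamper with: a symlink (repointable by whoever owns its parent), an
    owner outside `trusted_uids`, or group/other write permission.
    An empty list means the chain is as restricted as the proposal wants."""
    root = os.path.abspath(root)
    path = os.path.abspath(path)
    rel = os.path.relpath(path, root)
    if rel.startswith(os.pardir):
        raise ValueError("%s is not inside %s" % (path, root))
    if rel == os.curdir:
        return []
    problems = []
    current = root
    for part in rel.split(os.sep):
        current = os.path.join(current, part)
        st = os.lstat(current)  # lstat so a symlink is seen as a symlink
        if stat.S_ISLNK(st.st_mode):
            problems.append((current, "is a symlink"))
            continue
        if st.st_uid not in trusted_uids:
            problems.append((current, "owned by untrusted uid %d" % st.st_uid))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append((current, "writable by group or others (mode %o)"
                             % stat.S_IMODE(st.st_mode)))
    return problems


def demo():
    """Constructed scenario: build a small activity store in a temporary
    directory, leave one bundle directory world-writable, and show that the
    check flags it and is silent once the mode is fixed.
    Returns (problems_before_fix, problems_after_fix)."""
    base = tempfile.mkdtemp()
    store = os.path.join(base, "activities")
    bundle = os.path.join(store, "Example.activity")  # hypothetical bundle
    os.mkdir(store)
    os.chmod(store, 0o755)
    os.mkdir(bundle)
    os.chmod(bundle, 0o777)  # the mistake the check should catch
    me = (os.getuid(),)  # the current user plays the trusted owner here
    before = directory_chain_problems(bundle, base, trusted_uids=me)
    os.chmod(bundle, 0o755)
    after = directory_chain_problems(bundle, base, trusted_uids=me)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    for component, reason in before:
        print("PROBLEM: %s: %s" % (component, reason))
    print("after fix: %d problem(s)" % len(after))
```

The check starts at a root the caller trusts rather than at `/`, because the point of the proposal is that the chain below a well-known root is what the installer controls; running it from `/` would also report legitimately world-writable ancestors such as `/tmp`. It deliberately treats a symlink as a problem even when its target is fine, since whoever can write the symlink's parent can repoint it later.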