Re: Hello Debugger/Goodbye Machine
Re: Hello Debugger/Goodbye Machine
- Subject: Re: Hello Debugger/Goodbye Machine
- From: Terry Lambert <email@hidden>
- Date: Fri, 10 Mar 2006 10:53:34 -0800
On Mar 10, 2006, at 10:37 AM, Andrew Gallatin wrote:
Terry Lambert writes:
load: mydriver.kext
sudo chown -R root:wheel mydriver.kext
(sudo kextload -s . -r . mydriver.kext; sudo chown -R $
(USER):wheel mydriver.kext)
You might want to do the chown before you try loading it, or the
first
time will always fail...
? I do..
Sorry; I mistook the second chown as the chown you were complaining
about. Mea culpa. Mike Smith caught me out on this one, too.
The only drawback is that the NFS fs must be exported with root=0 to
avoid running into the bug that requires kexts be owned by
root:wheel.
That's a feature, not a bug. The intent is to make it impossible for
third parties to demand-load a KEXT that does malicious things behind
your back, without you first granting explicit authorization during
the install by typing your admin password. If it were not this way,
it'd be trivial to compromise your machine from a shell account.
It is a bug. If I, as root, explicity request that a KEXT
be loaded, it should darned well be loaded no matter who owns it.
I assume that by "demand loading", you mean automagically loading
a KEXT as a dependancy? I agree that there should be security checks
on that, but they shouldn't apply to an explicit kextload issued
by root.
It's not a bug, and I'm unwilling to discuss the security implications
further.
-- Terry
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden