root volume's device can be read without being root!
- Subject: root volume's device can be read without being root!
- From: Thomas Tempelmann <email@hidden>
- Date: Fri, 3 Jul 2009 12:31:03 +0200
I'm writing a tool that accesses disks on block device level.
Usually, OS X prevents a non-root user from accessing the internal boot disk.
But while playing with alternative boot options, I ran into a
situation where I can read the entire device from which the kernel is
loaded and which holds the "/" path, without being root.
The obvious difference to the usual setup here is that the disk
holding the root volume is NOT disk0.
What I see is that now some other disk which is disk0 requires root
rights, while the actual root volume's disk is free to be browsed.
So it appears that the code that decides whether a disk requires root
rights for reading, is hard-coded to number zero, instead of
dynamically decided upon where the root volume comes from.
I consider this a potential security risk. While usually a user won't
get into this situation where disk0 is not the disk where the root
volume is mounted on, I can imagine that other boot options, maybe
using RemoteCD or a network boot, may cause similar scenarios.
Any thoughts on this? Maybe I make wrong assumptions here, and I admit
that my scenario is a hack, I just want to make sure that this can't
happen with other commonly available boot options as well.
--
Thomas Tempelmann, http://www.tempel.org/
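
An audit check for the condition described in the message above, as an added example that is not part of the original post: it finds the device backing "/" by device number rather than by disk number, then reports which of its nodes a given non-root user could read. It assumes classic Unix mode bits (ACLs are ignored) and BSD-style `diskNsM` node names; the function names are hypothetical.

```python
import os
import re
import stat

def can_read(mode, owner_uid, owner_gid, uid, gids):
    """Classic Unix read check on a device node's mode bits (ACLs ignored)."""
    if uid == 0:
        return True
    if uid == owner_uid:
        return bool(mode & stat.S_IRUSR)
    if owner_gid in gids:
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)

def whole_disk(node):
    """Map a slice such as /dev/disk1s2 to its whole disk (assumed BSD naming)."""
    m = re.fullmatch(r"(/dev/r?disk\d+)(s\d+)+", node)
    return m.group(1) if m else node

def root_nodes(dev_dir="/dev"):
    """Block nodes whose device number equals that of the filesystem at "/"."""
    root_dev = os.stat("/").st_dev
    found = []
    for name in sorted(os.listdir(dev_dir)):
        path = os.path.join(dev_dir, name)
        try:
            st = os.stat(path)
        except OSError:
            continue
        if stat.S_ISBLK(st.st_mode) and st.st_rdev == root_dev:
            found.append(path)
    return found

def audit(uid, gids, dev_dir="/dev"):
    """Return root-volume device nodes that the given non-root user can read."""
    exposed = []
    for path in root_nodes(dev_dir):
        for node in sorted({path, whole_disk(path)}):
            try:
                st = os.stat(node)
            except OSError:
                continue
            if can_read(st.st_mode, st.st_uid, st.st_gid, uid, gids):
                exposed.append(node)
    return exposed

if __name__ == "__main__":
    me, groups = os.getuid(), set(os.getgroups()) | {os.getgid()}
    for node in audit(me, groups):
        print("readable without root:", node)
```

An empty result means no node for the root volume is readable by that user; any output is a finding regardless of which disk number the root volume received.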