root access to block disk devices


From: steve <steve@clublinux.org>
Subject: root access to block disk devices
Date: Sat, 14 Jul 2001 15:05:10 -0500



Hi,
	I'm trying to prevent root from accessing my disk devices directly. 
Using ACLs, I've been successful in preventing root from doing an 'ls -l
/dev/sda' (not what I really want), but 'strings /dev/sda' still works. 
I would like to prevent root from reading/writing directly to any
/dev/sda* file.
	I've modified the inherit masks on /dev/sda for both FD and DEV targets
and removed all access.  This still doesn't prevent root from reading
/dev/sda directly.

What am I missing?

I've discovered that root can't read /dev/mem or /dev/kmem.  How are
these protections being set up?

I'm using the rsbac_menu for configuration.  Are all necessary options
for ACLs, FF, AUTH, and RC available through the menu?   Maybe that's my
problem.


Thanks in advance,
Steve