From: steve <steve@clublinux.org>
Subject: root access to block disk devices
Date: Sat, 14 Jul 2001 15:05:10 -0500

Hi,

I'm trying to prevent root from accessing my disk devices directly. Using ACLs, I've been successful in preventing root from doing an 'ls -l /dev/sda' (not what I really want), but 'strings /dev/sda' still works. I would like to prevent root from reading/writing directly to any /dev/sda* file.

I've modified the inherit masks on /dev/sda for both FD and DEV targets and removed all access. This still doesn't prevent root from reading /dev/sda directly. What am I missing?

I've discovered that root can't read /dev/mem or /dev/kmem. How are these protections being set up?

I'm using the rsbac_menu for configuration. Are all necessary options for ACLs, FF, AUTH, and RC available through the menu? Maybe that's my problem.

Thanks in advance,
Steve

-
To unsubscribe from the rsbac list, send a mail to majordomo@rsbac.org with unsubscribe rsbac as single line in the body.