Re: What operations in store_parsed_open() need the privilege?

[Samuel Thibault]

Da Zheng, le Thu 28 Aug 2008 23:48:13 +0200, a écrit :
> Thomas Bushnell BSG wrote:
> >On Thu, 2008-08-28 at 08:42 +0200, Neal H. Walfield wrote:
> >  
> >>At Wed, 27 Aug 2008 15:05:59 -0700,
> >>Thomas Bushnell BSG wrote:
> >>    
> >>>On Wed, 2008-08-27 at 23:32 +0200, Da Zheng wrote:
> >>>      
> >>>>I know boot fails and gets EPERM when it calls store_parsed_open, but I 
> >>>>need to know what operations inside store_parsed_open() fail. 
> >>>>Otherwise, I don't know how to fix it.
> >>>>        
> >>>Boot assumes that it is run as root, and assumes that quite thoroughly.
> >>>You need to have boot simply not even *try* to open such a device.
> >>>      
> >>I don't understand why boot should somehow override the user in this
> >>regard.  It is perfectly legitimate, I think, to give a non-root user
> >>access to, e.g., /dev/hda1.  In that case, why should boot not even
> >>try to open the device?
> >>    
> >
> >Yes, I think of course you're right.
> >  
> If the non-user can access /dev/hda1, it means he can operate the hda1 
> device directly without the help of the file system.
> Is the user really allowed to do it? In Linux or other Unix, this kind 
> of operation is forbidden, I think.

That depends on what is there.  If that's where the user can put data,
it makes sense to give him full access to the partition instead of
imposing a given filesystem.

Samuel