| |||||||||||||
|
| |||||||||||||
Udev rules and the management of the plumbing layerUdev rules and the management of the plumbing layerPosted Aug 14, 2008 13:23 UTC (Thu) by chsnyder (subscriber, #52714)In reply to: Udev rules and the management of the plumbing layer by cortana Parent article: Udev rules and the management of the plumbing layer
Well okay, you need physical access to the box, which is pretty much game over in terms of security anyway, so this is more of an annoyance than a security issue. The system boots from internal scsi raid, but after kernel loads scsi and usb drivers, it remounts the filesystems according to /etc/fstab. Problem is, the usb drive is seen first so gets /dev/sda and the boot drive gets /dev/sdb. Bootup craps out because the usb drive doesn't have /sbin/init. I was thinking that if the usb drive had a full, working Linux system on it, an attacker would have control of the system. But lets face it, if someone can get to the box, plug in a usb drive, and reboot, you have bigger problems. I'll file a bug, but I remember seeing an earlier one that said that device assignments aren't guaranteed, so use labels or uuids. The bug in that case should be filed on the installer.
(Log in to post comments)
Risks of device naming Posted Aug 17, 2008 20:14 UTC (Sun) by dark (✭ supporter ✭, #8483) [Link] I think it's still a security problem. You might have stuck in a USB stick in order to transfer data from it, and forgotten to take it out before rebooting. If that USB stick has a boot-time virus then you lose your system, even though it was never your intent to run any code from it.
|
|
||||||||||||