Restricting root's write access to raw devices

Discussion in 'all things UNIX' started by Gullible Jones, Feb 8, 2014.

Thread Status:
Not open for further replies.
  1. Gullible Jones, Registered Member (Joined: May 16, 2013; Posts: 1,466)

    Is there any way to do this, so as to prevent e.g. a live USB stick boot sector from being accidentally or deliberately overwritten while the stick is booted? Preferably without making filesystems on the stick read-only?

    Basically, as things are normally, the USB device node looks like this

    /dev/sdb root:root -rw-r--r--

    I want it to be permanently set to

    /dev/sdb root:root -r--r--r--

    and that actually enforced, at some time early in the boot process.

    Is this possible without a mandatory access control framework?

    Edit: No, it is not possible without mandatory access control. N/M. Too bad local privilege escalation holes are so frequent on Linux. :(
     
    Last edited: Feb 8, 2014
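
Added example, not part of the original post: a simplified Python model of the Linux discretionary (mode-bit) write check for a non-directory node such as /dev/sdb, showing why the r--r--r-- mode the post asks for does not bind root. The /proc status excerpts are constructed, and the function names are hypothetical.

```python
import stat

CAP_DAC_OVERRIDE = 1  # capability bit number from <linux/capability.h>

# Constructed /proc/<pid>/status excerpts (not captured from a real system).
ROOT_STATUS = "Name:\tdd\nUid:\t0\t0\t0\t0\nCapEff:\t0000003fffffffff\n"
USER_STATUS = "Name:\tdd\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000000000\n"
# Root whose effective set lacks CAP_DAC_OVERRIDE (bit 1 cleared).
ROOT_NO_DAC = "Name:\tdd\nUid:\t0\t0\t0\t0\nCapEff:\t0000003ffffffffd\n"

def parse_status(text):
    """Return (fsuid, effective capability mask) from status text."""
    fields = dict(l.split(":", 1) for l in text.splitlines() if ":" in l)
    fsuid = int(fields["Uid"].split()[3])  # real, effective, saved, fs
    return fsuid, int(fields["CapEff"].strip(), 16)

def may_write(mode, owner_uid, owner_gid, status, groups=()):
    """Model the DAC decision for opening a non-directory node for writing."""
    fsuid, caps = parse_status(status)
    # Exactly one permission class applies: owner, then group, then other.
    if fsuid == owner_uid:
        bit = stat.S_IWUSR
    elif owner_gid in groups:
        bit = stat.S_IWGRP
    else:
        bit = stat.S_IWOTH
    if mode & bit:
        return True, "mode bits"
    # A missing write bit is overridden by CAP_DAC_OVERRIDE, which a
    # normal root process holds.
    if (caps >> CAP_DAC_OVERRIDE) & 1:
        return True, "CAP_DAC_OVERRIDE"
    return False, "denied"

NODE_RW = stat.S_IFBLK | 0o644  # rw-r--r-- as in the post
NODE_RO = stat.S_IFBLK | 0o444  # r--r--r-- as the post wants

if __name__ == "__main__":
    for name, st in (("root", ROOT_STATUS), ("user", USER_STATUS),
                     ("root without CAP_DAC_OVERRIDE", ROOT_NO_DAC)):
        print(name, may_write(NODE_RO, 0, 0, st))
    # Clearing the capability is still not enforcement: as owner of the
    # node, root may chmod it back without needing any capability.
```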