Restricting root's write access to raw devices

Discussion in 'all things UNIX' started by Gullible Jones, Feb 8, 2014.

Thread Status:
Not open for further replies.
    Gullible Jones, Registered Member (joined May 16, 2013; 1,459 posts):
    Is there any way to do this, so as to prevent e.g. a live USB stick boot sector from being accidentally or deliberately overwritten while the stick is booted? Preferably without making filesystems on the stick read-only?

    Basically, as things are normally, the USB device node looks like this:

    /dev/sdb root:root -rw-r--r--

    I want it to be permanently set to:

    /dev/sdb root:root -r--r--r--

    and that actually enforced, at some time early in the boot process.

    Is this possible without a mandatory access control framework?

    Edit: No, it is not possible without mandatory access control. N/M. Too bad local privilege escalation holes are so frequent on Linux. :(
     
    Last edited: Feb 8, 2014
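The closest thing Linux offers without a MAC framework is the kernel's per-device read-only flag (BLKROSET, exposed by util-linux's blockdev(8) and in sysfs), applied to the whole-disk node and re-applied by a udev rule when the stick is plugged in. The script below is an added example, not code from this thread; /dev/sdb and the serial string are constructed placeholders, and it assumes util-linux and a udev-based distribution. It illustrates the OP's own conclusion rather than overturning it: the flag is cleared by `blockdev --setrw`, so it stops accidental overwrites of the boot sector but not a deliberate one by a process that already has root.

```shell
#!/bin/sh
# Added example, not code from the thread. Uses blockdev(8) from util-linux and
# a udev rule; /dev/sdb and the serial value are constructed placeholders.
# Caveat the OP already states: root can undo the flag (blockdev --setrw), so
# this prevents accidental overwrites, not a deliberate one by root.

set -u

# Return the udev rule text that re-sets the read-only flag whenever the
# whole-disk node of the stick with this serial appears. Only the whole-disk
# node (DEVTYPE=="disk") is flagged, so /dev/sdb1 and the filesystem on it
# stay writable while the boot sector, which lies outside any partition, is
# protected from writes through /dev/sdb.
build_udev_rule() {
    serial="$1"
    printf 'ACTION=="add", SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", ENV{ID_SERIAL}=="%s", RUN+="/sbin/blockdev --setro $env{DEVNAME}"\n' "$serial"
}

# Look up the udev serial of a block device (needs a real system).
device_serial() {
    udevadm info --query=property --name="$1" | sed -n 's/^ID_SERIAL=//p'
}

# Report whether the kernel currently treats the device as read-only, using
# the sysfs "ro" attribute (1 = read-only). Takes a node name such as sdb.
is_device_ro() {
    read -r flag < "/sys/class/block/$1/ro" && [ "$flag" = 1 ]
}

# Set the flag now and install the rule so it survives re-plugging.
protect_boot_device() {
    dev="$1"                        # e.g. /dev/sdb (placeholder)
    name="${dev#/dev/}"
    serial="$(device_serial "$dev")"
    [ -n "$serial" ] || { echo "no ID_SERIAL for $dev" >&2; return 1; }
    blockdev --setro "$dev"
    build_udev_rule "$serial" > /etc/udev/rules.d/80-ro-boot-stick.rules
    udevadm control --reload
    is_device_ro "$name" && echo "$dev is now read-only at the kernel level"
}

# Usage (as root): ./ro-boot-stick.sh /dev/sdb
if [ "$#" -gt 0 ]; then
    protect_boot_device "$1"
fi
```

A quick check that the flag took effect is `blockdev --getro /dev/sdb` (prints 1) or `cat /sys/class/block/sdb/ro`; an attempted `dd` onto /dev/sdb then fails with a read-only error while writes to /dev/sdb1 still succeed. Because the flag lives in the kernel and is cleared by a single ioctl, anything that wants it to hold against a root-level compromise still needs a MAC policy (or boot firmware that refuses unsigned boot code) on top, which is exactly the gap the OP points out.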