Thread: dd+user=trouble
25th September 2008
BSDfan666

You can't entirely prevent a user from accessing /dev, it's an integral part of a Unix-like system... the user's allocated pty/tty(4) device, for example.

Access to raw devices is restricted via permissions.. and of course, the securelevel(7).

The text of the page differs between the BSD derivatives, but the gist of it is a securelevel >= 1 disallows write access to raw devices.. or at least mounted raw devices under OpenBSD.

Besides that, the default file permissions on such devices are set to decent values.. for example:
Code:
 $ ls -lh /dev/rwd0? 
crw-r-----  1 root  operator    3,   0 Aug  3 19:08 /dev/rwd0a
crw-r-----  1 root  operator    3,   1 Aug  3 19:08 /dev/rwd0b
crw-r-----  1 root  operator    3,   2 Aug  3 19:08 /dev/rwd0c
crw-r-----  1 root  operator    3,   3 Aug  3 19:08 /dev/rwd0d
crw-r-----  1 root  operator    3,   4 Aug  3 19:08 /dev/rwd0e
crw-r-----  1 root  operator    3,   5 Aug  3 19:08 /dev/rwd0f
crw-r-----  1 root  operator    3,   6 Aug  3 19:08 /dev/rwd0g
crw-r-----  1 root  operator    3,   7 Aug  7 21:24 /dev/rwd0h
crw-r-----  1 root  operator    3,   8 Aug  3 19:08 /dev/rwd0i
crw-r-----  1 root  operator    3,   9 Aug  3 19:08 /dev/rwd0j
crw-r-----  1 root  operator    3,  10 Aug  3 19:08 /dev/rwd0k
crw-r-----  1 root  operator    3,  11 Aug  3 19:08 /dev/rwd0l
crw-r-----  1 root  operator    3,  12 Aug  3 19:08 /dev/rwd0m
crw-r-----  1 root  operator    3,  13 Aug  3 19:08 /dev/rwd0n
crw-r-----  1 root  operator    3,  14 Aug  3 19:08 /dev/rwd0o
crw-r-----  1 root  operator    3,  15 Aug  3 19:08 /dev/rwd0p
This means only root has write access, members of the operator group have read access.. all other users are disallowed.

I'm sure FreeBSD has similar permission settings..
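Added example, not part of the original post: a small audit that checks `ls -l` output for raw disk nodes against the baseline shown in the listing above (owner root, group operator, no group write, nothing for other users) and checks a securelevel value against the >= 1 threshold the post mentions. The function names and the two deviating sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit raw device nodes against the crw-r----- root:operator
# baseline from the post. Names and deviating sample lines are constructed.

# Reads `ls -l` lines on stdin; prints "<device>: <problem>" per deviation.
audit_raw_devs() {
    awk '
    $1 ~ /^[cb]/ {
        mode = $1; owner = $3; group = $4; dev = $NF
        if (owner != "root")
            print dev ": owner is " owner ", expected root"
        if (group != "operator")
            print dev ": group is " group ", expected operator"
        # Mode string: 1 type, 2-4 owner, 5-7 group, 8-10 other.
        if (substr(mode, 6, 1) == "w")
            print dev ": group-writable (" mode ")"
        if (substr(mode, 8, 3) != "---")
            print dev ": accessible to other users (" mode ")"
    }'
}

# Succeeds when the given securelevel is >= 1; fails on lower or non-numeric
# input. On a BSD host: securelevel_ok "$(sysctl -n kern.securelevel)"
securelevel_ok() {
    [ "$1" -ge 1 ] 2>/dev/null
}

# Constructed sample: first line matches the post's listing, the other two
# are deliberately wrong (group write; wrong group plus world read).
sample_listing() {
    cat <<'EOF'
crw-r-----  1 root  operator    3,   0 Aug  3 19:08 /dev/rwd0a
crw-rw----  1 root  operator    3,   1 Aug  3 19:08 /dev/rwd0b
crw-r--r--  1 root  wheel       3,   2 Aug  3 19:08 /dev/rwd0c
EOF
}

sample_listing | audit_raw_devs
```

On a live system the same check runs as `ls -l /dev/rwd0? | audit_raw_devs`; no output means every node matches the baseline.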