    pass device names to the helper · 6d2a5fc8
    Harald Sitter authored
    paths are somewhat trivial to exploit. instead resolve them to the
    actual block device names under /dev/ and pass that into the privileged
    helper. the helper then only needs to verify that $name is in fact a
    block device under /dev/.
    since unprivileged processes cannot create files in /dev/ directly, let
    alone block devices, this should give us a very reliable way of
    preventing abuse.
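
The helper-side check the commit message describes, as an added C example; it is not the project's code, and the function names are hypothetical. Refusing symlinks under /dev/ is a choice made for this example, not something the commit states.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* A device name must be one path component: non-empty, no '/',
 * and not "." or "..", so it can never point outside /dev/. */
int is_plain_device_name(const char *name)
{
    if (name == NULL || name[0] == '\0')
        return 0;
    if (strchr(name, '/') != NULL)
        return 0;
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return 0;
    return 1;
}

/* Returns 1 only if /dev/<name> is itself a block device node.
 * The node is inspected with fstatat() relative to /dev and is never
 * opened; AT_SYMLINK_NOFOLLOW makes a symlink fail the S_ISBLK test
 * (example assumption: the helper does not accept symlinks). */
int is_block_device_in_dev(const char *name)
{
    struct stat st;
    int ok = 0;

    if (!is_plain_device_name(name))
        return 0;
    int devfd = open("/dev", O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (devfd < 0)
        return 0;
    if (fstatat(devfd, name, &st, AT_SYMLINK_NOFOLLOW) == 0)
        ok = S_ISBLK(st.st_mode) ? 1 : 0;
    close(devfd);
    return ok;
}

int main(int argc, char **argv)
{
    const char *name = argc > 1 ? argv[1] : "";
    int ok = is_block_device_in_dev(name);
    printf("%s: %s\n", name, ok ? "accepted" : "rejected");
    return ok ? 0 : 1;
}
```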