[GTALUG] Adding all users to the "disk" group: bad idea, or terrible idea?

Scott Sullivan scott at revident.net
Mon Feb 17 18:53:52 EST 2020


With an attacker mindset, I wouldn't give users persistent access to the 
disks group. udev creates disks in /dev with the disk group, and r+w 
group permissions. So, if I want to screw around with the root 
filesystem, I can now go indirectly via whichever /dev/<disk><part> has 
the root fs and monkey with the bits on disk. This is now a continuously 
open hole for those users granted into that group.

With sudo, practically speaking, most personal computers are single 
owner, so the users already have it. And then there is an explicit 
privilege escalation for the one task, and no persistence of unneeded 
privilege.

I feel your developer is making the choice of convenience over security 
and explicit/relatable action of the user.


On 2/17/20 4:42 PM, John Sellens via talk wrote:
> The developer seems to be insisting on an answer, rather than
> a need.  The need is to allow easy writing when appropriate.
> 
> Consider a wrapper script that uses sudo to call the actual command.
> 
> And then set sudoers(5) to allow appropriate people to run the command
> as root without a password.
> 
> That means that it's easy for the user, and access to the disk
> devices is only provided through the (presumably) tested and
> well-functioning command.
> 
> Remember: you can solve any problem in computer science with
> another level of indirection.
> 
> I suspect that there's a way via udev or dbus to accomplish the
> appropriate thing.  But I'm not smart enough for that.
> 
> Hope that helps!
> 
> John
> 
> 
> On Mon, 2020/02/17 04:28:52PM -0500, Stewart C. Russell via talk <talk at gtalug.org> wrote:
> | So I'm working with a developer making a simple cross-platform graphical
> | program to write Raspberry Pi OS images to SD card. This is meant for
> | beginners to use. The developer is adamant that their program doesn't need
> | to run under 'sudo' but that every user should be added to the disk group
> | instead.
> |
> | This means that every user can write directly to system disk devices at any
> | time. The Debian-based systems I use don't add regular users to "disk". Is
> | it reasonable/common for regular users to be set up this way?
> |
> | cheers
> |
> |  Stewart $(export HAVE_ACCIDENTALLY_OVERWRITTEN_ROOT=1) Russell
> |
> |
> |
> | ---
> | Post to this mailing list talk at gtalug.org
> | Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
-- 
Scott Sullivan
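As an added example (not code from any poster in this thread, nor from the developer's program), here is the shape of the sudo-wrapped writer John describes, addressing Scott's objection that disk-group membership leaves the root disk permanently writable. The script path /usr/local/sbin/write-sd-image and the group name sdwriters are assumptions; the sudoers(5) line that pairs with it is in the header comment.

```shell
#!/bin/sh
# Added example (not the thread's or the developer's code): a root-run
# wrapper of the kind John describes, installed as the single command
# that sudoers grants. Hypothetical names: the script lives at
# /usr/local/sbin/write-sd-image and the permitted users are in a
# group called "sdwriters". Corresponding sudoers(5) line:
#
#   %sdwriters ALL=(root) NOPASSWD: /usr/local/sbin/write-sd-image
#
# sudoers restricts the command, not its arguments (unless listed),
# so the wrapper must be root-owned, not writable by others, and must
# validate everything it is given; otherwise NOPASSWD on it is root.

# Accept only whole-disk device names of the forms SD readers present.
valid_device_name() {
    case "$1" in
        /dev/sd[a-z]|/dev/mmcblk[0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# Refuse the disk backing the root filesystem. Takes the root source
# (what `findmnt -no SOURCE /` prints) as a parameter so it can be
# checked offline. Simple case only: root on LVM or dm-crypt shows up
# as /dev/mapper/..., which this does not resolve to a physical disk.
is_root_device() {
    candidate=$1
    root_src=$2
    [ -n "$root_src" ] || return 0   # root unknown: fail closed
    case "$root_src" in
        "$candidate"|"$candidate"[0-9]*|"$candidate"p[0-9]*) return 0 ;;
        *) return 1 ;;
    esac
}

# Image path: non-empty, plain characters only, so no quotes, spaces or
# shell metacharacters reach dd or the sudo -u check below.
valid_image_path() {
    case "$1" in
        ""|*[!A-Za-z0-9_./-]*) return 1 ;;
    esac
    return 0
}

# dd reads the image as root, so confirm the invoking user could read
# it themselves; otherwise the wrapper copies any root-readable file
# onto a card the user can then read back.
caller_can_read() {
    [ -n "${SUDO_USER:-}" ] || return 0   # not via sudo: nothing gained
    sudo -n -u "$SUDO_USER" test -r "$1"
}

# The kernel marks SD cards and USB sticks removable in sysfs.
is_removable() {
    [ "$(cat "/sys/block/${1#/dev/}/removable" 2>/dev/null)" = "1" ]
}

write_image() {
    img=$1
    dev=$2
    valid_image_path "$img" || { echo "rejected image path" >&2; return 2; }
    valid_device_name "$dev" || { echo "rejected device name" >&2; return 2; }
    caller_can_read "$img" || { echo "image not readable by caller" >&2; return 2; }
    is_root_device "$dev" "$(findmnt -no SOURCE / 2>/dev/null)" \
        && { echo "refusing the root filesystem's disk" >&2; return 3; }
    is_removable "$dev" || { echo "device is not removable" >&2; return 3; }
    dd if="$img" of="$dev" bs=4M conv=fsync status=progress
}

# Invoked as: sudo /usr/local/sbin/write-sd-image raspios.img /dev/sdb
if [ $# -gt 0 ]; then
    [ $# -eq 2 ] || { echo "usage: $0 image.img /dev/sdX" >&2; exit 1; }
    write_image "$1" "$2"
fi
```

The point of the extra checks is that a NOPASSWD sudoers entry for a command permits any arguments to it unless the entry lists them, so argument validation in the wrapper is what keeps the grant narrower than "root". The root-device check only handles root living directly on a partition; resolving /dev/mapper/* back to its physical disk is left out here. The udev/dbus route John suspects exists is udisks2, which exposes block devices over D-Bus and gates writes with polkit policy rather than with group membership.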

