Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.


  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint
Share this Page URL
Help

9. Testing and Monitoring > 9.10. Securing Device Special Files

9.10. Securing Device Special Files

Problem

You want to check for potentially insecure device special files.

Solution

To list all device special files (block or character):

$ find /dir -xdev \( -type b -o -type c \) -ls

To list any regular files in /dev (except the MAKEDEV program):

$ find /dev -type f ! -name MAKEDEV -print

To prohibit device special files on a filesystem, use mount -o nodev or add the nodev option to entries in /etc/fstab.

Be aware of the important options and limitations of find, so you don’t inadvertently overlook important files. [Recipe 9.8]

Discussion

Device special files are objects that allow direct access to devices (either real or virtual) via the filesystem. For the security of your system, you must carefully control this access by maintaining appropriate permissions on these special files. An intruder who hides extra copies of important device special files can use them as backdoors to read—or even modify—kernel memory, disk drives, and other critical devices.


  

You are currently reading a PREVIEW of this book.

                                                                                                                    

Get instant access to over $1 million worth of books and videos.

  

Start a Free 10-Day Trial


  
  • Safari Books Online
  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint