Shulou(Shulou.com)06/01 Report--

This article will explain in detail what is the use of the etc/mknod command in Autoconf. The editor thinks it is very practical, so I share it for you as a reference. I hope you can get something after reading this article.

Discuss security issues from the point of view of system administrators. The system administrator is the person who manages the system: start the system, stop the system running, install new software, add new users, delete old users, and complete the daily tasks of keeping the system developing and running.

Etc/mknod command

Used to create equipment files. Only root can use this command to create device files. The parameter is the file name, the letter c or b represents the character special file or block special file, the main equipment number and the secondary device number, respectively. Block special files are devices that access data in blocks, such as magnetic tapes and disks. Character special files are devices such as terminals, printers, MODEM, or any other device that transmits one character at a time when communicating with the system, including disk drives that mimic character access to the disk. The master device number specifies the system subroutine (device driver), which will be called when Ihammer O is executed on the device. When the device driver is called, the secondary device number is passed to the driver (the secondary device specifies a specific disk drive, with driver, signal line number, or disk partition). Each type of device generally has its own device driver.

The file system stores the primary and secondary device numbers in the disk address table in the I node, so there is no disk space allocated to the device file (except for the disk area occupied by the I node itself). When the program tries to perform the Icano operation on the device file, the system recognizes that the file is a special file and calls the device driver specified by the primary device number, and the secondary device number is used as the parameter to call the device driver.

Security considerations

Processing the device into a file makes the UNIX program independent of the device, that is, the program does not have to know any characteristics of the device being used, and there is no need to record length, block size, transmission speed, network protocol and other information to access the device. All the annoying details are considered by the device driver. To access the device, the program only needs to open the device file and then use it as an ordinary UNIX file. This is handled well from a security point of view, because Icano operations on any device go through only a small number of channels (that is, device files). The user cannot access the device directly. So if the access permission of the disk partition is set correctly, the user can only access the disk through the UNIX file system. The file system has an internal security mechanism (file license).

Unfortunately, if the disk partition device is incorrect, any user can write a program to read every file in the disk partition, which is simple:

Read an I node, and then read the blocks indicated by these block numbers in turn according to the order in which the block numbers appear in the disk address table. Therefore, except for root, never make disk partition writable to anyone. Because of the owner, file access permission, such information is stored in the I node, and anyone who has the write permission of the installed partition can set the SUID license of any file, regardless of the owner of the file, do not need to use the chmod () command, and can avoid the security check established by the system.

The same is true for the memory file mem,kmem and the swap file swap. These files contain user information, which can be extracted by a program. To avoid disk partitions (and other devices) being readable and writable, you should use the umask command to set the file to establish a mask value before creating a device file.

In general, the terminal port on the UNIX system is writable to anyone, so that users can send messages with write commands. Although the write command is easy to cause security problems, most users find it convenient to use write to get the information of other users, so the system sets the access permission of the terminal device to be writable to all users.

The / dev directory should be licensed and owned by root. There is an exception to the principle that no user other than root is allowed to read or write disk partitions, that is, some programs (usually database systems) require direct access to disk partitions, and the experience of solving this problem should be dedicated to such programs (without installing file systems), and users of such programs should be informed that file security will be done by the program itself rather than the UNIX file system.

This is the end of this article on "what is the use of etc/mknod commands in Autoconf?". I hope the above content can be of some help to you, so that you can learn more knowledge. if you think the article is good, please share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.