Because ownership and permissions
are stored in the inode, anyone with write permission to a mounted
partition can set the user ID for any file in that partition. The
file is subject to change regardless of the owner, bypassing the chmod() system call and other security checks.
If the device special file is writable, a user can open
that file and access the raw disk. The user can then directly edit
the file system, read files, or change file permissions and owners.
Make sure the file permissions forbid access to
the device special file by any other user and allow only root to read it.
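
One way to check this rule on a running system, as an added example that is not part of the original text: the script flags block device special files that are owned by a non-root user or carry any group or other permission bits. It assumes GNU stat (for `stat -c`) and reads the rule as "owner root, no group or other access"; the function names and finding labels are illustrative.

```shell
#!/bin/sh
# Added example: audit disk (block) device special files.
# Assumption: GNU coreutils stat(1), which provides `stat -c FORMAT`.

# classify_dev MODE OWNER_UID
#   MODE is the octal permission string (e.g. 640), OWNER_UID is numeric.
#   Prints the most severe finding:
#     WRITABLE  group/other can write: raw disk can be edited directly
#     OWNER     owner is not root: owner can access or re-chmod the device
#     READABLE  group/other can read: files can be read off the raw disk
#     OK        owned by root, no group/other permission bits
classify_dev() {
    mode=$1
    owner=$2
    bits=$((0$mode))                 # leading 0 makes the constant octal
    if [ $((bits & 022)) -ne 0 ]; then
        echo "WRITABLE"
    elif [ "$owner" != "0" ]; then
        echo "OWNER"
    elif [ $((bits & 055)) -ne 0 ]; then
        echo "READABLE"
    else
        echo "OK"
    fi
}

# audit_devs [DIR]
#   Walks DIR (default /dev) and prints one line per non-compliant
#   block device:  FINDING MODE OWNER_UID PATH
audit_devs() {
    find "${1:-/dev}" -type b -exec stat -c '%a %u %n' {} + 2>/dev/null |
    while read -r mode owner path; do
        finding=$(classify_dev "$mode" "$owner")
        [ "$finding" = "OK" ] || echo "$finding $mode $owner $path"
    done
}

# Typical use, run as root so every device node can be examined:
#   audit_devs /dev
```

Many systems ship disk devices with group access for a dedicated group; under the rule stated above those are reported too, so review each finding against who is actually in that group.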