Date: 18 Jul 2000 01:39:43 +0200 From: Cyrille Lefevre <clefevre%no-spam@citeweb.net> To: nsayer@freebsd.org Cc: FreeBSD-hackers@freebsd.org Subject: Re: sysctl interface for apm? Message-ID: <bszw5nsw.fsf@pc166.gits.fr> In-Reply-To: Nick Sayer's message of "Mon, 17 Jul 2000 11:55:05 -0700" References: <1884.963737703@critter.freebsd.dk> <lmz1zwa6.fsf@pc166.gits.fr> <39734DE0.46EF9B8C@sftw.com> <66q47g50.fsf@pc166.gits.fr> <39735688.6268C428@sftw.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Nick Sayer <nsayer@sftw.com> writes: > Cyrille Lefevre wrote: > > > Nick Sayer <nsayer@sftw.com> writes: > > > > > Cyrille Lefevre wrote: > > > > > > > Poul-Henning Kamp <phk@critter.freebsd.dk> writes: > > > > > > > > > In message <200007160625.XAA92886@freefall.freebsd.org>, nsayer@FreeBSD.ORG wri > > > > > tes: > > > > > > > > > > >So what does everyone think? Is it suitable to add a read only > > > > > >sysctl 'machdep.apm_powerstate' that reports either AC, nn%, > > > > > >or N/A ? Or should the format be numeric (999 = AC, <=100 = battery %, > > > > > >-1 = N/A)? Or should we not bother? :-) > > > > > > > > > > yes it is suitable. > > > > > > > > isn't it the job of one of the apm options ? such as apm -l ? > > > > > > The problem with that is that it requires permission to open /dev/apm, after which > > > one also has permission to suspend the machine or do other mischief. > > > A separate interface allows us to specify a means to look up read-only > > > information without special permissions. Also, sysctl is not only a command > > > line interface, it is available to programs as well, and is a simpler interface > > > then open/ioctl/close. > > > > what about : > > > > echo apm::70: >> /etc/group > > chgrp apm /dev/apm /usr/sbin/apm > > chmod g=640 /dev/apm > > chmod g+s /usr/sbin/apm > > Users or programs in group apm would still have permission to suspend the > machine. Suspending the machine is an operation demanding a far higher level > of machine access than simply checking the state of the batteries, in my > opinion. Once you have an open file descriptor on /dev/apm, you can perform > any ioctl you like on it. This way, privileges on /dev/apm can be closely held, > and mere power meters don't have to be sgid. well. as you said before, you just want a read-only sysctl. if the driver is not secure. it's not my fault. it shouldn't be so complicated to secure it. do you now if the permissions sets using make_dev() in i386/apm/apm.h are used at a upper level ? or if the driver must do the job itself. CC: to the original mailing-list. Cyrille. -- home:mailto:clefevre%no-spam@citeweb.net Supprimer "%no-spam" pour me repondre. work:mailto:Cyrille.Lefevre%no-spam@edf.fr Remove "%no-spam" to answer me back. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bszw5nsw.fsf>