From: Poul-Henning Kamp
To: mjacob@feral.com
Cc: arch@FreeBSD.ORG
Subject: Re: Anybody working on devd?
In-Reply-To: Your message of "Wed, 28 Nov 2001 10:23:40 PST."
Date: Wed, 28 Nov 2001 19:41:35 +0100
Message-ID: <38091.1006972895@critter.freebsd.dk>

In message , Matthew Jacob writes:
>
>There's a race between some joblow driver setting completely loose permissions
>and devd setting the policy based ones. This is a security hole. This is what
>I meant by "either you trust the driver or you don't". The consensus here is
>that "we don't".
>
>Therefore, internally make_dev uses 0/0 600 as default- not settable by
>driver. The default policy for picobsd would be 666 I assume.

Guys,

With the rules system I'm proposing you can have "any of the above" if
you want.

No matter which single one we choose, it is inadequate for one or
more of the other cases.

It needs to be possible to specify a policy and the default policy
if you don't do that needs to be sensible.

If anyone has a better suggestion how to express the policy than
by sticking rules like I proposed into the kernel from a userland
program, I'm all ears...

--
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.