Date: Tue, 18 Mar 2014 15:35:11 -0700 From: Xin Li <delphij@delphij.net> To: Maksim Yevmenkin <emax@freebsd.org>, FreeBSD Current <freebsd-current@freebsd.org> Subject: Re: [rfc] /dev/devstat permissions patch Message-ID: <5328CA1F.5050007@delphij.net> In-Reply-To: <CAFPOs6pAfrmN8U0jWn%2BoTLDWg%2B-U%2BhjLr5fuq-Fw1Q_jrmqc0Q@mail.gmail.com> References: <CAFPOs6pAfrmN8U0jWn%2BoTLDWg%2B-U%2BhjLr5fuq-Fw1Q_jrmqc0Q@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi,
Adding phk@ to cc since the 400 is from his changeset (r112001).
On 03/18/14 12:29, Maksim Yevmenkin wrote:
> hello,
>
> would anyone object to the following patch?
>
> ==
>
> Index: subr_devstat.c
> ===================================================================
>
>
- --- subr_devstat.c (revision 263311)
> +++ subr_devstat.c (working copy) @@ -503,7 +503,7 @@
> mtx_assert(&devstat_mutex, MA_NOTOWNED); if (!once) {
> make_dev_credf(MAKEDEV_ETERNAL | MAKEDEV_CHECKNAME, -
> &devstat_cdevsw, 0, NULL, UID_ROOT, GID_WHEEL, 0400, +
> &devstat_cdevsw, 0, NULL, UID_ROOT, GID_WHEEL, 0444,
> DEVSTAT_DEVICE_NAME); once = 1; }
>
> ==
>
> i'm not sure why /dev/devstat has such restrictive permissions.
> can someone please explain the reason for it? having gstat(8)
> require super-user privilege seems like an overkill me. iostat(8)
> and systat(1) do not require super-user privileges to work.
>
> and, yes, i know i can override permissions with /etc/devfs.conf,
> just curious what are we protecting from in /dev/devstat
I have similar change locally (except it's GID_OPERATOR and 0440) and
I think your proposed change would be a sensible default.
Cheers,
- --
Xin LI <delphij@delphij.net> https://www.delphij.net/
FreeBSD - The Power to Serve! Live free or die
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (FreeBSD)
iQIcBAEBCgAGBQJTKMofAAoJEJW2GBstM+nspPYQAKt8UiAqDBQwe0KTeH+ykpis
4EG4+oM43Ze8WCc3DgsbB+Dnq4en63z3SXyK7b78ZDN9xVzSmR4Cb6N0W63cuACI
4pE2Wl72P7v6eVgOrrgMJoRjI7BwX0nlOXKCvmwkHznbZSmpjgYTzx9ADYl1T4pP
SKtvgOtCyFXdpGP2adE8kJMRcFvBpbs61Y4hiSLwKE1lGywgLwYWfwkZMWFxGaNW
SU3H7qew5SRoFSF7ZhurhKENwyNR1EHEHXW+Se77TcTUzBIGCQop+78Od+Pxwi/v
KJYFKHS+Z72BRVbpaxowxQGRNSPzqC4dB2nMhrcQaOU8gXRret9OXCfBc7Fmrv31
ot0ewo3GapmNh/9ypMuYNQ+3XsjEmx96ckSeS0oX6lKLR2qIu8+JIMd9Oq0ogNHk
tMdjrX0dkpwedN9UiakbQq8Ws7u/XRfkQEUD8nsDu5gK+f3KlRldboA+GFAjYgX6
F+E4JHfRGWCFYQuzcl48Nkzg4Glw/r8HCHHE+cGqwXXPIGfjtwSIyGGZzw0Nb2Nr
jYfs4aYuGCwFmwUO/hVn47Wbbzmpr7rVbf7EW3PXwZuxPKTVxrEUpYklvCUmkDMi
jYEwQMcIfV7pI+nD1M9bocOk3TQ4nYWqlts2E6J+/qEC/ayXpo4kk/93swimj7wP
p6xDXw3sAX6Xaj0bZqcB
=ktrj
-----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5328CA1F.5050007>