From owner-freebsd-current@FreeBSD.ORG  Tue Mar 18 22:35:13 2014
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 74F08408;
 Tue, 18 Mar 2014 22:35:13 +0000 (UTC)
Received: from anubis.delphij.net (anubis.delphij.net [64.62.153.212])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id 599D49BB;
 Tue, 18 Mar 2014 22:35:13 +0000 (UTC)
Received: from zeta.ixsystems.com (unknown [69.198.165.132])
 (using TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits))
 (No client certificate requested)
 by anubis.delphij.net (Postfix) with ESMTPSA id 63D6C20F2F;
 Tue, 18 Mar 2014 15:35:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=delphij.net;
 s=anubis; t=1395182112;
 bh=HDBrn31sUarVoqFstIKkZzwcPim6GqbjSThBEJSL9zQ=;
 h=Date:From:Reply-To:To:CC:Subject:References:In-Reply-To;
 b=nKbOomE8HW0hh3ps4tUK+RzUUQ3Uroju9Klt/SCIUyLt41w+sNJy4WPmDv/ljb+f2
 ZJqX8SUlB2bOGeAOBR0GMpZqRy/tp5ZhV9GypP9+Gk/8rsacDiBwFD4sWJaHhwcgHk
 zPnqQJ+WMbIi07A71RTq1TDeQ6996uH0kRoDzJXo=
Message-ID: <5328CA1F.5050007@delphij.net>
Date: Tue, 18 Mar 2014 15:35:11 -0700
From: Xin Li <delphij@delphij.net>
Organization: The FreeBSD Project
MIME-Version: 1.0
To: Maksim Yevmenkin <emax@freebsd.org>, 
 FreeBSD Current <freebsd-current@freebsd.org>
Subject: Re: [rfc] /dev/devstat permissions patch
References: <CAFPOs6pAfrmN8U0jWn+oTLDWg+-U+hjLr5fuq-Fw1Q_jrmqc0Q@mail.gmail.com>
In-Reply-To: <CAFPOs6pAfrmN8U0jWn+oTLDWg+-U+hjLr5fuq-Fw1Q_jrmqc0Q@mail.gmail.com>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
Reply-To: d@delphij.net
List-Id: Discussions about the use of FreeBSD-current
 <freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current/>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
 <mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Mar 2014 22:35:13 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi,

Adding phk@ to cc since the 400 is from his changeset (r112001).

On 03/18/14 12:29, Maksim Yevmenkin wrote:
> hello,
> 
> would anyone object to the following patch?
> 
> ==
> 
> Index: subr_devstat.c 
> ===================================================================
>
> 
- --- subr_devstat.c (revision 263311)
> +++ subr_devstat.c (working copy) @@ -503,7 +503,7 @@ 
> mtx_assert(&devstat_mutex, MA_NOTOWNED); if (!once) { 
> make_dev_credf(MAKEDEV_ETERNAL | MAKEDEV_CHECKNAME, -
> &devstat_cdevsw, 0, NULL, UID_ROOT, GID_WHEEL, 0400, +
> &devstat_cdevsw, 0, NULL, UID_ROOT, GID_WHEEL, 0444, 
> DEVSTAT_DEVICE_NAME); once = 1; }
> 
> ==
> 
> i'm not sure why /dev/devstat has such restrictive permissions.
> can someone please explain the reason for it? having gstat(8)
> require super-user privilege seems like an overkill me. iostat(8)
> and systat(1) do not require super-user privileges to work.
> 
> and, yes, i know i can override permissions with /etc/devfs.conf,
> just curious what are we protecting from in /dev/devstat

I have similar change locally (except it's GID_OPERATOR and 0440) and
I think your proposed change would be a sensible default.

Cheers,
- -- 
Xin LI <delphij@delphij.net>    https://www.delphij.net/
FreeBSD - The Power to Serve!           Live free or die
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (FreeBSD)

iQIcBAEBCgAGBQJTKMofAAoJEJW2GBstM+nspPYQAKt8UiAqDBQwe0KTeH+ykpis
4EG4+oM43Ze8WCc3DgsbB+Dnq4en63z3SXyK7b78ZDN9xVzSmR4Cb6N0W63cuACI
4pE2Wl72P7v6eVgOrrgMJoRjI7BwX0nlOXKCvmwkHznbZSmpjgYTzx9ADYl1T4pP
SKtvgOtCyFXdpGP2adE8kJMRcFvBpbs61Y4hiSLwKE1lGywgLwYWfwkZMWFxGaNW
SU3H7qew5SRoFSF7ZhurhKENwyNR1EHEHXW+Se77TcTUzBIGCQop+78Od+Pxwi/v
KJYFKHS+Z72BRVbpaxowxQGRNSPzqC4dB2nMhrcQaOU8gXRret9OXCfBc7Fmrv31
ot0ewo3GapmNh/9ypMuYNQ+3XsjEmx96ckSeS0oX6lKLR2qIu8+JIMd9Oq0ogNHk
tMdjrX0dkpwedN9UiakbQq8Ws7u/XRfkQEUD8nsDu5gK+f3KlRldboA+GFAjYgX6
F+E4JHfRGWCFYQuzcl48Nkzg4Glw/r8HCHHE+cGqwXXPIGfjtwSIyGGZzw0Nb2Nr
jYfs4aYuGCwFmwUO/hVn47Wbbzmpr7rVbf7EW3PXwZuxPKTVxrEUpYklvCUmkDMi
jYEwQMcIfV7pI+nD1M9bocOk3TQ4nYWqlts2E6J+/qEC/ayXpo4kk/93swimj7wP
p6xDXw3sAX6Xaj0bZqcB
=ktrj
-----END PGP SIGNATURE-----