From owner-freebsd-current  Tue Dec 24  6:49:51 2002
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 80ED337B401; Tue, 24 Dec 2002 06:49:50 -0800 (PST)
Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id EA83543EA9; Tue, 24 Dec 2002 06:49:49 -0800 (PST)
	(envelope-from wollman@khavrinen.lcs.mit.edu)
Received: from khavrinen.lcs.mit.edu (localhost [IPv6:::1])
	by khavrinen.lcs.mit.edu (8.12.6/8.12.6) with ESMTP id gBOEnnY2034911
	(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=OK);
	Tue, 24 Dec 2002 09:49:49 -0500 (EST)
	(envelope-from wollman@khavrinen.lcs.mit.edu)
Received: (from wollman@localhost)
	by khavrinen.lcs.mit.edu (8.12.6/8.12.6/Submit) id gBOEnne5034908;
	Tue, 24 Dec 2002 09:49:49 -0500 (EST)
	(envelope-from wollman)
Date: Tue, 24 Dec 2002 09:49:49 -0500 (EST)
From: Garrett Wollman <wollman@lcs.mit.edu>
Message-Id: <200212241449.gBOEnne5034908@khavrinen.lcs.mit.edu>
To: phk@FreeBSD.ORG
Cc: current@FreeBSD.ORG
Subject: Re: revoke(2) redux... 
In-Reply-To: <1731.1040741036@critter.freebsd.dk>
References: <BA2DAFDF.17D6B%pscott@skycoast.us>
	<1731.1040741036@critter.freebsd.dk>
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-current.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-current>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-current>
X-Loop: FreeBSD.ORG

<<On Tue, 24 Dec 2002 15:43:56 +0100, phk@FreeBSD.ORG said:

> There is no way you can close the race between:

> 	revoke("/dev/ttyfoo");
> and
> 	open("/dev/ttyfoo");

> Not even in init(8).  There is always the risk that another process
> opens the device between the two.

If that process belongs to root then it doesn't matter.

If that process belongs to the user who's logging in, then it doesn't
matter (the user can hose himself, but that's his own fault).

If that process belongs to someone else, then the permissions on the
device are set wrong, and that's a security problem that revoke()
isn't trying to fix.

-GAWollman


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message