From owner-freebsd-current  Mon Nov 18 21: 1:43 2002
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 53B4A37B401; Mon, 18 Nov 2002 21:01:42 -0800 (PST)
Received: from obsecurity.dyndns.org (adsl-63-207-60-146.dsl.lsan03.pacbell.net [63.207.60.146])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 111AF43E97; Mon, 18 Nov 2002 21:01:35 -0800 (PST)
	(envelope-from kris@obsecurity.org)
Received: from rot13.obsecurity.org (rot13.obsecurity.org [10.0.0.5])
	by obsecurity.dyndns.org (Postfix) with ESMTP
	id ECC2C66B2C; Mon, 18 Nov 2002 21:01:32 -0800 (PST)
Received: by rot13.obsecurity.org (Postfix, from userid 1000)
	id DE05C1283; Mon, 18 Nov 2002 21:03:06 -0800 (PST)
Date: Mon, 18 Nov 2002 21:03:06 -0800
From: Kris Kennaway <kris@obsecurity.org>
To: current@FreeBSD.org
Subject: Device permissions with DEVFS
Message-ID: <20021119050304.GA2608@rot13.obsecurity.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="MGYHOYXEY6WxJCY8"
Content-Disposition: inline
User-Agent: Mutt/1.4i
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-current.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-current>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-current>
X-Loop: FreeBSD.ORG


--MGYHOYXEY6WxJCY8
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Something that needs to be addressed before 5.0 is the insecure
default permissions on many devices.  For example, on my system, the
following devices have insecure permissions on 5.0 (but not on 4.x
with the default MAKEDEV settings):

crw-r--r--  1 root   operator  117,   0 Nov 18 14:49 acd0

crw-rw-rw-  1 root   wheel      21,   1 Nov 18 14:49 psm0

crw-rw-rw-  1 root   wheel     180,   0 Nov 18 14:49 nvidia0
(This one isn't part of FreeBSD, but I might as well report it now)

crw-rw-rw-  1 root  wheel      30,   3 Nov 14 21:30 dsp0.0
crw-rw-rw-  1 root  wheel      30, 0x00010003 Nov  8 23:38 dsp0.1
crw-rw-rw-  1 root  wheel      30,   5 Nov  8 23:38 dspW0.0
crw-rw-rw-  1 root  wheel      30, 0x00010005 Nov  8 23:38 dspW0.1
crw-rw-rw-  1 root  wheel      30,  11 Nov  8 23:38 dspr0.0

These have the same permissions on 4.x, but they're still insecure
(unprivileged users can read from a microphone).

I'm sure there are others I have missed.  Could everyone please check
their /dev (better, check the kernel source)?

Kris
--MGYHOYXEY6WxJCY8
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)

iD8DBQE92cYIWry0BWjoQKURAvfPAKDh5Rmif3CModJ2UIPyPd7uxFI0iACcCGLD
eH4wCbP+mixkVzOrryc+rcQ=
=TWx0
-----END PGP SIGNATURE-----

--MGYHOYXEY6WxJCY8--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message