From owner-freebsd-current  Tue Nov 19  1:52:11 2002
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id BBC6437B401
	for <current@FreeBSD.ORG>; Tue, 19 Nov 2002 01:52:10 -0800 (PST)
Received: from mailman.zeta.org.au (mailman.zeta.org.au [203.26.10.16])
	by mx1.FreeBSD.org (Postfix) with ESMTP id B7FF543E9C
	for <current@FreeBSD.ORG>; Tue, 19 Nov 2002 01:52:09 -0800 (PST)
	(envelope-from bde@zeta.org.au)
Received: from bde.zeta.org.au (bde.zeta.org.au [203.2.228.102])
	by mailman.zeta.org.au (8.9.3/8.8.7) with ESMTP id UAA04850;
	Tue, 19 Nov 2002 20:50:54 +1100
Date: Tue, 19 Nov 2002 21:03:47 +1100 (EST)
From: Bruce Evans <bde@zeta.org.au>
X-X-Sender: bde@gamplex.bde.org
To: Kris Kennaway <kris@obsecurity.org>
Cc: kip@eventdriven.org, <current@FreeBSD.ORG>
Subject: Re: Device permissions with DEVFS
In-Reply-To: <20021119082758.GA3738@rot13.obsecurity.org>
Message-ID: <20021119204920.G30290-100000@gamplex.bde.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-current.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-current>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-current>
X-Loop: FreeBSD.ORG

On Tue, 19 Nov 2002, Kris Kennaway wrote:

> On Tue, Nov 19, 2002 at 12:16:49AM -0800, Kip Macy wrote:
> > Sorry, if I'm repeating something already said, but
> > the tone of your mail would indicate that I'm not.
> >
> > This doesn't sound like an intrinsic limitation of
> > devfs, just an issue with how it is structured now.
> > There should just be a central file for all the
> > devices which devfs sucks in at build (or maybe boot)
> > time specifying the appropriate permissions and any
> > other configuration information.
>
> No, the default permissions are specified in the driver source code
> via make_dev().

The drivers only get the magic numbers for uids and gids from a central
file.  This is bad enough.  I think all devices should have ownership
root:wheel and mode 0600, but that would increase the problems with
non-persistent attributes.  devfs(8) may be able to handle this now.

Bruce


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message