From owner-freebsd-scsi Mon Jul 27 09:02:50 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id JAA11396 for freebsd-scsi-outgoing; Mon, 27 Jul 1998 09:02:50 -0700 (PDT) (envelope-from owner-freebsd-scsi@FreeBSD.ORG)
Received: from panzer.plutotech.com (ken@panzer.plutotech.com [206.168.67.125]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA11391 for ; Mon, 27 Jul 1998 09:02:48 -0700 (PDT) (envelope-from ken@panzer.plutotech.com)
Received: (from ken@localhost) by panzer.plutotech.com (8.8.8/8.8.5) id KAA25042; Mon, 27 Jul 1998 10:02:10 -0600 (MDT)
From: "Kenneth D. Merry"
Message-Id: <199807271602.KAA25042@panzer.plutotech.com>
Subject: Re: non-root pass, symlinks to pass fail
In-Reply-To: from Cory Kempf at "Jul 27, 98 11:50:29 am"
To: ckempf@enigami.com (Cory Kempf)
Date: Mon, 27 Jul 1998 10:02:10 -0600 (MDT)
Cc: freebsd-scsi@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL28s (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-scsi@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Cory Kempf wrote...
> "Kenneth" == Kenneth D Merry writes:
>
> > What are the permissions on the transport layer devices?  The
> > one used is /dev/rxpt0.  If the CAM library can't open the transport
> > layer device, it can't figure out which passthrough device to open.
>
> All xpt devices are 640.  chmodding them to 666 allows cdrecord
> -scanbus & find-scanner to work.

Sounds right...

> Isn't this opening up a rather large security hole?  I mean, by doing
> this, am I not effectively allowing full access to all my SCSI
> devices, including my hard disk via the xpt devices?

No, there are only certain operations that are allowed through the
transport layer device.  XPT_SCSI_IO ccbs aren't allowed through the
transport layer device, so no one can reformat your hard drive using it.

> FWIW, it seems that if any pass devices are not mode 666, cdrecord
> fails, but find-scanners works OK.

Without seeing the errors, I can't speculate on a cause.

> As I see it, if I want a somewhat secure system, but still want the
> ability to let the user scan / burn CDs, at best I can chmod the pass
> & xpt devices to 660, and make any programs (e.g. scanimage,
> find-scanners, saned, cdrecord, etc.) sgid.
>
> Which is not really secure, especially as the programs in question
> were never designed to be suid/sgid.
>
> Can we do better?  Ideally, I would like to set permissions on a
> per-device basis, and not allow access to the entire bus.

See above.  You aren't allowing access to the entire bus, at least not to
send SCSI commands.  In general, the operations that are allowed through
the transport layer device are operations that don't make sense to do on
a per-device basis through the passthrough driver.

> In any case, I am going to release what I have, with a README note for
> now, to get something out.  But, I really would like to see a better
> answer -- or be told that the hole I see doesn't really exist :-)

It doesn't.  See above.

Ken
--
Kenneth Merry
ken@plutotech.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-scsi" in the body of the message