Date: Tue, 19 Nov 2002 15:22:30 -0500 (EST)
From: Robert Watson <rwatson@FreeBSD.ORG>
To: Poul-Henning Kamp <phk@critter.freebsd.dk>
Cc: Bruce Evans <bde@zeta.org.au>, Kris Kennaway <kris@obsecurity.org>, kip@eventdriven.org, current@FreeBSD.ORG
Subject: Re: Device permissions with DEVFS
Message-ID: <Pine.NEB.3.96L.1021119152129.98618C-100000@fledge.watson.org>
In-Reply-To: <25060.1037735737@critter.freebsd.dk>

On Tue, 19 Nov 2002, Poul-Henning Kamp wrote:

> In message <Pine.NEB.3.96L.1021119124035.60013B-100000@fledge.watson.org>, Robert Watson writes:
>
> >> > No, the default permissions are specified in the driver source code
> >> > via make_dev().
> >>
> >> The drivers only get the magic numbers for uids and gids from a central
> >> file. This is bad enough. I think all devices should have ownership
> >> root:wheel and mode 0600, but that would increase the problems with
> >> non-persistent attributes. devfs(8) may be able to handle this now.
> >
> >I have to say that the ownership issue has been a pet peeve of mine for
> >some time: I would really like the kernel to know about exactly two magic
> >id values: uid 0 (suser uid, default uid, default devfs owner), and gid 0
> >(default gid, default devfs owner). Hard-coding of other non-0 values in
> >the kernel leads to many potential (and real) problems.
>
> I think we should stick to the current slightly "hackish" way, possibly
> with the modification that the security-officer gang gets to rule what
> exact m/o/g devices in the FreeBSD cvs tree should have.

I'm not suggesting we change to this model at this point, or at any
particular point in the future, it's just a pet peeve that someday I'd
like to address :-).

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Network Associates Laboratories

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message