From: "M. Warner Losh"
To: andi_payn@speedymail.org
cc: dwmalone@maths.tcd.ie
cc: freebsd-hackers@freebsd.org
Subject: Re: O_NOACCESS?
Date: Fri, 31 Oct 2003 13:02:29 -0700 (MST)
Message-Id: <20031031.130229.132929054.imp@bsdimp.com>
In-Reply-To: <1067628015.825.64.camel@verdammt.falcotronic.net>

In message: <1067628015.825.64.camel@verdammt.falcotronic.net>
            andi payn writes:
: On Fri, 2003-10-31 at 08:27, David Malone wrote:
: > On Thu, Oct 30, 2003 at 07:46:38AM -0800, andi payn wrote:
: > > In FreeBSD, this doesn't work; you just get EINVAL.
: >
: > I believe this is because of a security problem discovered a few
: > years ago, where you could open a file like /dev/io for neither
: > read nor write but still get the special privileges associated with
: > having the file open.
: >
: > If you were to allow people to open files without read or write
: > permission you'd need to fix problems like this in a different way.
:
: It seems to me that the right way to fix this is to ensure that only the
: superuser can open the /dev/io device, no matter what permissions are on it.

This might not be a bad idea, but it would force at least one company
(mine) to rewrite at least some of their software to run as root.  We
currently don't run some things as root because we don't trust them.

But then you are getting into special case kludges.  Better to require
that it is opened with read or write permissions.

: Are there any other special devices like this in FreeBSD?

Rewind units on tape drives?  If there's no access check done, and I
open the rewind unit as joe-smoe?  The close code is what does the
rewind, and you don't have enough knowledge to know if the tape was
opened r/w there.

Warner
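
The behaviour discussed in this thread, as an added example that is not part of the original messages: a probe that opens a constructed temporary file with neither read nor write access requested and records what the kernel does. It assumes that access-mode value 3 is what "O_NOACCESS" stands for; NOACCESS_MODE, probe_noaccess and make_sample_file are hypothetical names, and the /tmp path is constructed.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Assumption: access-mode bits 3 (binary 11) stand in for "O_NOACCESS". */
#define NOACCESS_MODE 3

struct noaccess_result {
    int open_errno;  /* 0 if open() succeeded, else its errno */
    int read_errno;  /* errno from read() on the descriptor, 0 if it worked */
    int write_errno; /* errno from write() on the descriptor, 0 if it worked */
};

/* Create a small constructed sample file from a mkstemp() template. */
int make_sample_file(char *tmpl)
{
    int fd = mkstemp(tmpl);
    if (fd < 0)
        return -1;
    int ok = write(fd, "sample\n", 7) == 7;
    close(fd);
    return ok ? 0 : -1;
}

struct noaccess_result probe_noaccess(const char *path)
{
    struct noaccess_result r = { 0, 0, 0 };
    char byte = 0;
    int fd = open(path, NOACCESS_MODE);
    if (fd < 0) {            /* FreeBSD, per the thread: EINVAL */
        r.open_errno = errno;
        return r;
    }
    /* A descriptor exists. For a device node, the driver's open routine
     * has already run and its close routine will run below, even if the
     * kernel refuses to move any data through this descriptor. */
    if (read(fd, &byte, 1) < 0)
        r.read_errno = errno;
    if (write(fd, &byte, 1) < 0)
        r.write_errno = errno;
    close(fd);
    return r;
}
```

A kernel that rejects the mode reports EINVAL in open_errno; one that accepts it hands back a descriptor on which both read() and write() fail, which is why any privilege or side effect tied to open or close has to be gated separately.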