Date: Tue, 19 Nov 2002 21:27:16 -0700 (MST)
Message-Id: <20021119.212716.23011355.imp@bsdimp.com>
To: tjr@FreeBSD.ORG
Cc: kris@obsecurity.org, current@FreeBSD.ORG
Subject: Re: Device permissions with DEVFS
From: "M. Warner Losh"
In-Reply-To: <20021119174652.A74461@dilbert.robbins.dropbear.id.au>
References: <20021119050304.GA2608@rot13.obsecurity.org> <20021119174652.A74461@dilbert.robbins.dropbear.id.au>

In message: <20021119174652.A74461@dilbert.robbins.dropbear.id.au>
            Tim Robbins writes:
: I'm glad you brought this up... I'd like to see /dev/devctl made mode 600
: instead of 644 because it does not look very robust and because only one
: devctl can be open at a time.

644 is the right permissions to use. I'd strongly oppose any attempt
to change that. devctl will likely grow the ability to be cloned
soon.

: The two other security/reliability bugs I can see are that the async
: (ioctl FIOASYNC) and non-blocking (ioctl FIONBIO) flags are not cleared
: between when one process closes the device and another opens it. Leaving
: the non-blocking flag set confuses devd(8) causing it to exit immediately.

Good point. That's good.

: It looks like there are some races involving devsoftc, the softc mutex
: should probably be locked around checking the inuse flag in devopen(),
: around clearing it in devclose(), around setting async and async_td in
: devioctl() FIOASYNC case, around checking inuse and async_td in
: devaddq().

I don't think that these are an issue. You never need to lock a mutex
just to check a bit. I'm not sure that there's a real race here that
matters if you lose or win. Those are atomic operations...

Warner
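
Added example, not part of the original message and not FreeBSD's devctl source: a userspace C model of the stale-flag report quoted above, where FIONBIO/FIOASYNC state set by one opener is still in effect for the next. Every name in it (model_softc, close_stale, close_reset, the MODEL_* constants) is hypothetical.

```c
/* Userspace model of a single-open device; hypothetical names, not devctl's code. */
#include <errno.h>
#include <stdio.h>

enum { MODEL_FIONBIO = 1, MODEL_FIOASYNC = 2 };  /* stand-ins for the real ioctls */
#define MODEL_WOULD_SLEEP 1   /* a blocking read would sleep until an event arrives */

/* inuse: device is open; nonblock/async: per-open flags; queued: pending events */
struct model_softc { int inuse, nonblock, async, queued; };

static int model_open(struct model_softc *sc) {
    if (sc->inuse)
        return -EBUSY;              /* only one opener at a time */
    sc->inuse = 1;
    return 0;
}

static void model_ioctl(struct model_softc *sc, int cmd, int on) {
    if (cmd == MODEL_FIONBIO)  sc->nonblock = on;
    if (cmd == MODEL_FIOASYNC) sc->async = on;
}

/* Empty queue: a blocking reader sleeps, a non-blocking one gets EAGAIN. */
static int model_read(const struct model_softc *sc) {
    if (sc->queued > 0)
        return 0;
    return sc->nonblock ? -EAGAIN : MODEL_WOULD_SLEEP;
}

/* Behaviour in the report: per-open flags survive into the next open. */
static void close_stale(struct model_softc *sc) { sc->inuse = 0; }

/* Close that resets per-open state so the next opener starts from defaults. */
static void close_reset(struct model_softc *sc) {
    sc->inuse = sc->nonblock = sc->async = 0;
}

/* Process A sets both flags and closes; returns what process B's first read sees. */
static int second_opener_read(void (*closefn)(struct model_softc *)) {
    struct model_softc sc = {0, 0, 0, 0};
    model_open(&sc);
    model_ioctl(&sc, MODEL_FIONBIO, 1);
    model_ioctl(&sc, MODEL_FIOASYNC, 1);
    closefn(&sc);
    return model_open(&sc) ? -EBUSY : model_read(&sc);
}

int main(void) {
    printf("stale close: %d, reset close: %d\n",
           second_opener_read(close_stale), second_opener_read(close_reset));
    return 0;
}
```

With close_stale the second opener, which never asked for non-blocking I/O, gets EAGAIN on an empty queue; with close_reset its read blocks as a fresh open should.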