From owner-freebsd-hackers Thu Oct 17 05:25:21 1996
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id FAA27155 for hackers-outgoing; Thu, 17 Oct 1996 05:25:21 -0700 (PDT)
Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.2.228.19]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id FAA27149 for ; Thu, 17 Oct 1996 05:25:16 -0700 (PDT)
Received: (from bde@localhost) by godzilla.zeta.org.au (8.7.6/8.6.9) id WAA27185; Thu, 17 Oct 1996 22:18:51 +1000
Date: Thu, 17 Oct 1996 22:18:51 +1000
From: Bruce Evans
Message-Id: <199610171218.WAA27185@godzilla.zeta.org.au>
To: msmith@atrad.adelaide.edu.au, terry@lambert.org
Subject: Re: FreeBSD 2.2.x release question
Cc: freebsd-hackers@FreeBSD.org, jehamby@lightside.com, jkh@time.cdrom.com, jsigmon@www.hsc.wvu.edu
Sender: owner-hackers@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

>The issue with persistence is that not everyone is happy with the
>default permissions puked up by the drivers. Our embedded boxes, for
>example, want /dev/io 0660, which would be insane for a production
>system.

Not much more insane than the existence of /dev/io :-).

>
>In essence, the "persistence" for devfs needs to hold :
>
> - ownership
> - permissions
> - symlinks
>
>IMHO, there's nothing there that can't be achieved with a script
>argument to mount_devfs, although it could be argued that because the

Nothing that can't be achieved with a script argument to /bin/sh.

>devfs has to be mounted before the script could be processed there is
>a potential window of vulnerability there.

The initial permissions must be highly secure so that there is no window.
root.wheel with permissions 000 would be best. Then there would be no
possible holes and no policy about ownerships or permissions in the kernel.
(The kernel currently has the uid and gid of uucp and dialer hard-coded :-(.)
However, this would require a huge script.

Bruce