From owner-freebsd-current  Sat Apr 21 11: 4:57 2001
Delivered-To: freebsd-current@freebsd.org
Received: from mr200.netcologne.de (mr200.netcologne.de [194.8.194.109])
	by hub.freebsd.org (Postfix) with ESMTP id 8147737B423
	for <freebsd-current@FreeBSD.ORG>; Sat, 21 Apr 2001 11:04:53 -0700 (PDT)
	(envelope-from pherman@frenchfries.net)
Received: from husten.security.at12.de (dial-213-168-73-41.netcologne.de [213.168.73.41])
	by mr200.netcologne.de (Mirapoint)
	with ESMTP id AEC59575;
	Sat, 21 Apr 2001 20:04:50 +0200 (CEST)
Received: from localhost (localhost.security.at12.de [127.0.0.1])
	by husten.security.at12.de (8.11.3/8.11.3) with ESMTP id f3LI4hg83135
	for <freebsd-current@FreeBSD.ORG>; Sat, 21 Apr 2001 20:04:43 +0200 (CEST)
	(envelope-from pherman@frenchfries.net)
Date: Sat, 21 Apr 2001 20:04:43 +0200 (CEST)
From: Paul Herman <pherman@frenchfries.net>
To: <freebsd-current@FreeBSD.ORG>
Subject: Re: /bin/df set-gid operator
In-Reply-To: <200104211745.TAA13326@lurza.secnetix.de>
Message-ID: <Pine.BSF.4.33.0104211956290.88695-100000@husten.security.at12.de>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sat, 21 Apr 2001, Oliver Fromme wrote:

> Paul Herman <pherman@frenchfries.net> wrote:
>  > On Sat, 21 Apr 2001, Oliver Fromme wrote:
>  > > I'm wondering why /bin/df is set-gid to the operator group
>  > > by default.
>  >
>  > It's to df filesystems that aren't mounted.  Try "df /dev/ad0s1a" (or
>  > whatever) as user nobody with chmod 555 /bin/df.
>
> Ah, thanks for clueing me.  :-)
> I didn't know that unprivileged users are supposed to be
> allowed to use df on non-mounted filesystems.
>
> I think I'll keep it at mode 555 on my machines.

This brings up a slightly related question:  Now that "cooked" block
devices have been abolished, wouldn't it be a good idea to get rid of
the quick mount(2)/umount(2) of /tmp/df.XXXXXX to stat the file
system?  Something like the following patch.

Not that it should ever get called anyway...

-Paul.

Index: df.c
===================================================================
RCS file: /home/ncvs/src/bin/df/df.c,v
retrieving revision 1.23.2.1
diff -u -r1.23.2.1 df.c
--- df.c	2000/06/13 03:19:40	1.23.2.1
+++ df.c	2001/04/21 18:02:18
@@ -208,40 +208,6 @@
 		} else if ((stbuf.st_mode & S_IFMT) == S_IFCHR) {
 			rv = ufs_df(*argv, maxwidth) || rv;
 			continue;
-		} else if ((stbuf.st_mode & S_IFMT) == S_IFBLK) {
-			if ((mntpt = getmntpt(*argv)) == 0) {
-				mdev.fspec = *argv;
-				mntpath = strdup("/tmp/df.XXXXXX");
-				if (mntpath == NULL) {
-					warn("strdup failed");
-					rv = 1;
-					continue;
-				}
-				mntpt = mkdtemp(mntpath);
-				if (mntpt == NULL) {
-					warn("mkdtemp(\"%s\") failed", mntpath);
-					rv = 1;
-					free(mntpath);
-					continue;
-				}
-				if (mount("ufs", mntpt, MNT_RDONLY,
-				    &mdev) != 0) {
-					rv = ufs_df(*argv, maxwidth) || rv;
-					(void)rmdir(mntpt);
-					free(mntpath);
-					continue;
-				} else if (statfs(mntpt, &statfsbuf) == 0) {
-					statfsbuf.f_mntonname[0] = '\0';
-					prtstat(&statfsbuf, maxwidth);
-				} else {
-					warn("%s", *argv);
-					rv = 1;
-				}
-				(void)unmount(mntpt, 0);
-				(void)rmdir(mntpt);
-				free(mntpath);
-				continue;
-			}
 		} else
 			mntpt = *argv;
 		/*


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message