Date: Tue, 16 May 1995 07:45:21 +1000 From: Bruce Evans <bde@zeta.org.au> To: bde@zeta.org.au, current@FreeBSD.org, mark@linus.demon.co.uk Subject: Re: MAKEDEV and device permissions Message-ID: <199505152145.HAA10950@godzilla.zeta.org.au>
index | next in thread | raw e-mail
>I would agree with the performance argument if it were significant or >if there were no other factor involved. However, in my opinion it's >more important to make scripts like MAKEDEV as obvious as possible to >reduce the chance that security holes creep in. I find it easier to >read device modes directly than having to work out octal complements >on the fly. You still have to be aware of the umasks unless everything is chmod'ed. I think chmod'ing everything would be too verbose. >Rod showed me a candidate patch which seemed to confuse umasks with >modes (in favour of modes :-), which resulted in some calls to "umask >37" and some to "umask 026" to do the same thing... I started removing the execute bits from the umasks since they are irrelevant for devices (mknod masks them anyway) and wrong for directories. >> Tapes were always supposed to be operator-writeable. This will be fixed >> in 2.0.5. I have the raw floppy operator-writeable locally too, but I >> don't think it is right for general use because floppies can be mounted. >I miss the point here. Only root can mount/umount. Is there a problem >with the operator writing to a device containing a mounted file system? >I thought that type of thing was already prohibited by the kernel. Yes, you write to the device while it is not mounted and wait for root to mount it. Brucehome | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199505152145.HAA10950>