Date: Tue, 16 May 1995 07:45:21 +1000 From: Bruce Evans <bde@zeta.org.au> To: bde@zeta.org.au, current@FreeBSD.org, mark@linus.demon.co.uk Subject: Re: MAKEDEV and device permissions Message-ID: <199505152145.HAA10950@godzilla.zeta.org.au>
next in thread | raw e-mail | index | archive | help
>I would agree with the performance argument if it were significant or >if there were no other factor involved. However, in my opinion it's >more important to make scripts like MAKEDEV as obvious as possible to >reduce the chance that security holes creep in. I find it easier to >read device modes directly than having to work out octal complements >on the fly. You still have to be aware of the umasks unless everything is chmod'ed. I think chmod'ing everything would be too verbose. >Rod showed me a candidate patch which seemed to confuse umasks with >modes (in favour of modes :-), which resulted in some calls to "umask >37" and some to "umask 026" to do the same thing... I started removing the execute bits from the umasks since they are irrelevant for devices (mknod masks them anyway) and wrong for directories. >> Tapes were always supposed to be operator-writeable. This will be fixed >> in 2.0.5. I have the raw floppy operator-writeable locally too, but I >> don't think it is right for general use because floppies can be mounted. >I miss the point here. Only root can mount/umount. Is there a problem >with the operator writing to a device containing a mounted file system? >I thought that type of thing was already prohibited by the kernel. Yes, you write to the device while it is not mounted and wait for root to mount it. Bruce
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199505152145.HAA10950>