From owner-freebsd-bugs@FreeBSD.ORG Wed Dec 21 19:40:05 2005
Message-Id: <200512211930.jBLJUB7I002372@www.freebsd.org>
Date: Wed, 21 Dec 2005 19:30:11 GMT
From: Darren Pilgrim
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-2.3
Cc:
Subject: conf/90760: /etc/rc.d/devfs does permit the use of device globbing in /etc/devfs.conf
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Bug reports
X-List-Received-Date: Wed, 21 Dec 2005 19:40:05 -0000

>Number: 90760
>Category: conf
>Synopsis: /etc/rc.d/devfs does permit the use of device globbing in /etc/devfs.conf
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Dec 21 19:40:02 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Darren Pilgrim
>Release: RELENG_6_0
>Organization:
>Environment:
FreeBSD web.twinthornes.com 6.0-RELEASE-p1 FreeBSD 6.0-RELEASE-p1 #0: Tue Dec 20 13:44:00 PST 2005 root@web.twinthornes.com:/usr/obj/usr/src/sys/TTPWEB i386
>Description:
When you need to change the default ownership or permissions on a device node, /etc/devfs.conf provides a good mechanism to do so. When you need to make the same change to a large number of devices, such as /dev/da0* or /dev/cuad*, the syntax of devfs.conf becomes tedious because it lacks the ability to use shell filename globbing. If you try to use globbing, devfs fails with an error.

For example, if you wanted to change all of the "dial-out" serial devices to a new user and disallow group access, you would need to use:

#own cuad0 user
#own cuad0.init user
#own cuad0.lock user
#perm cuad0 0600
#perm cuad0.init 0600
#perm cuad0.lock 0600
#own cuad1 user
#own cuad1.init user
#own cuad1.lock user
#perm cuad1 0600
#perm cuad1.init 0600
#perm cuad1.lock 0600
<...>
#own cuadN user
#own cuadN.init user
#own cuadN.lock user
#perm cuadN 0600
#perm cuadN.init 0600
#perm cuadN.lock 0600

If file-globbing were permitted, this large collection of lines could be shortened to just two:

own cuad* user
perm cuad* 0600
>How-To-Repeat:
Add a line to /etc/devfs.conf containing globbing characters in the device name and watch devfs blow up.
>Fix:
The following patch against v1.10 and v1.11 of /etc/rc.d/devfs changes the case structure used to parse the lines of /etc/devfs.conf. The patch wraps the if...then statements in for...done loops such that the file-globbing capabilities of /bin/sh can be used to create a list of devices on which to perform the specified action. This code is still safe, AFAIK, due to the conditionals already present.

--- /usr/src/etc/rc.d/devfs Fri Oct 22 23:50:50 2004 +++ /etc/rc.d/devfs Wed Dec 21 01:16:24 2005 
@@ -41,19 +41,25 @@ { if [ -r /etc/devfs.conf ]; then cd /dev - while read action device parameter; do + while read action devicelist parameter; do case "${action}" in - l*) if [ -c ${device} -a ! -e ${parameter} ]; then - ln -fs ${device} ${parameter} - fi + l*) for device in ${devicelist}; do + if [ -c ${device} -a ! -e ${parameter} ]; then + ln -fs ${device} ${parameter} + fi + done ;; - o*) if [ -c ${device} ]; then - chown ${parameter} ${device} - fi + o*) for device in ${devicelist}; do + if [ -c ${device} ]; then + chown ${parameter} ${device} + fi + done ;; - p*) if [ -c ${device} ]; then - chmod ${parameter} ${device} - fi + p*) for device in ${devicelist}; do + if [ -c ${device} ]; then + chmod ${parameter} ${device} + fi + done ;; esac done < /etc/devfs.conf >Release-Note: >Audit-Trail: >Unformatted:
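
Review bot: In the `l*)` branch, a pattern in `devicelist` that expands to more than one node will normally link only the first match, because once the first `ln -fs ${device} ${parameter}` has run, the `! -e ${parameter}` test fails for every later iteration; which device wins then depends on glob sort order and the other matches are skipped without a message. Either restrict globbing to the `o*)` and `p*)` branches or warn when a link line matches more than one device, and say so in the devfs.conf documentation. Inside all three loops `${device}` and `${parameter}` are still expanded unquoted, so each already-expanded name goes through word splitting and globbing a second time; `"${device}"` and `"${parameter}"` in the `[ -c ... ]` test and in the `ln`, `chown` and `chmod` calls would avoid that. A pattern that matches nothing is left literal by /bin/sh and then rejected by `[ -c ${device} ]`, so a typo in a glob changes nothing and reports nothing; since these lines set ownership and mode on device nodes as root at boot, a short warning for a no-match pattern would make a silently unapplied `perm` line visible.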