From: Matthew Seaman
To: Ed Alley
Cc: freebsd-questions@freebsd.org
Date: Tue, 2 Sep 2003 21:34:35 +0100
Subject: Re: your mail
Message-ID: <20030902203435.GA14407@happy-idiot-talk.infracaninophile.co.uk>
In-Reply-To: <200309021937.h82JbLY3011572@jordan.llnl.gov>

On Tue, Sep 02, 2003 at 12:37:21PM -0700, Ed Alley wrote:
>
> > On Tue, 2003-09-02 at 14:32, Ed Alley wrote:
> >> I'm running FreeBSD-4.8. Sometimes the file permissions for /dev/null get
> >> mysteriously changed by some unknown process to:
> >>
> >> crw------- 1 root wheel 2, 2 Sep 2 11:20 /dev/null
>
> > On Tue, 2003-09-02 Adam McLaurin wrote:
> > That's very strange indeed. Have you tried using chflags to prevent the
> > permissions from being changed? This should do the trick, albeit a dirty
> > hack.
>
> Sorry, I didn't mention that I tried setting flags on /dev/null:
>
>     chflags schg /dev/null
>
> What happens is that sendmail complains that it can't open /dev/null.
>
> Hey! I just realized that this may be a clue! Does sendmail fiddle with
> /dev/null? What happens if sendmail tries to lock /dev/null after it
> opens it? Does schg prevent fcntl from locking /dev/null, if that is
> what sendmail uses?

Lock it why? There's no point locking the null device -- it's not
like it has contents that can be changed out from underneath a
process... Besides, a large number of processes tend to have open
descriptors on /dev/null -- any well-behaved daemon process will close
its stdin, stdout and stderr and re-open them on /dev/null as part of
the standard setup for becoming a daemon. See daemon(3). Getting a
mandatory exclusive lock on /dev/null early in the boot process would
be a very effective way to cripple a system...

If you want to see what processes have an open file descriptor on
/dev/null, try:

    % fstat -f /dev | grep ' null '

There will be more than you expect.

As for tracking down what process has mucked up the permissions on the
device: that's going to be quite laborious.
You'll probably have to do something horribly tedious like not running each
process (that uses /dev/null) in turn, and see if you can identify when
the chmod(2) doesn't happen. It would have to be a root-owned process
to change the permissions on the device, which will cut the list down
a bit. Remember though that many daemon processes will start as UID
root in order to bind low-numbered network ports, and then change
their UID to something less privileged as a security measure.

    Cheers,

    Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
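
Added example, not part of the message above: a polling watcher can bound the time at which the chmod(2) on /dev/null happens and list the root-owned processes present when the change is detected, which shortens the one-by-one elimination. The function names, the 5-second interval and the expected mode string crw-rw-rw- are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the original message). Function names and
# default values are assumptions made for illustration.

# Print the 10-character type+permission string that ls -l shows,
# e.g. "crw-rw-rw-" for a healthy /dev/null. A missing path prints
# nothing, which the caller treats as a change.
mode_of() {
    ls -ld "$1" 2>/dev/null | cut -c1-10
}

# Exit 0 and print the current mode if it differs from $2; exit 1 if
# the mode still matches.
perm_drift() {
    current=$(mode_of "$1")
    [ "$current" != "$2" ] || return 1
    printf '%s\n' "$current"
}

# Poll $1 every $3 seconds, at most $4 times (0 = forever). On the first
# drift from $2, report the time window in which it happened and the
# root-owned processes running at that moment. Returns 1 if no drift
# was seen within the poll limit.
watch_perms() {
    path=$1 expected=$2 interval=${3:-5} max=${4:-0}
    polls=0
    last_ok=$(date '+%Y-%m-%d %H:%M:%S')
    while [ "$max" -eq 0 ] || [ "$polls" -lt "$max" ]; do
        if now_mode=$(perm_drift "$path" "$expected"); then
            echo "$path changed: $expected -> $now_mode"
            echo "window: $last_ok .. $(date '+%Y-%m-%d %H:%M:%S')"
            echo "root-owned processes at detection:"
            ps ax -o user,pid,command | awk '$1 == "root"'
            return 0
        fi
        last_ok=$(date '+%Y-%m-%d %H:%M:%S')
        polls=$((polls + 1))
        sleep "$interval"
    done
    return 1
}

# Usage: watch_perms /dev/null crw-rw-rw- 5
```

The process listing only narrows the candidates: a short-lived process may have exited before the next poll, so a shorter interval gives a tighter window to compare against system logs.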