From: Scott Long
Date: Sun, 08 Feb 2004 09:33:54 -0700
To: Bruce Evans
cc: current@freebsd.org
Subject: Re: make_dev(9) perms for SCSI & SCSI RAID drivers in CURRENT.

Bruce Evans wrote:
> > % Index: aac.c > % =================================================================== > % RCS file: /home/ncvs/src/sys/dev/aac/aac.c,v > % retrieving revision 1.85 > % diff -u -r1.85 aac.c > % --- aac.c 7 Feb 2004 17:40:37 -0000 1.85 > % +++ aac.c 8 Feb 2004 08:09:48 -0000 > % @@ -51,6 +51,7 @@ > % #include > % #include > % #include > % +#include > % > % #include > % #include > % 
@@ -271,7 +272,7 @@ > % */ > % unit = device_get_unit(sc->aac_dev); > % sc->aac_dev_t = make_dev(&aac_cdevsw, unit, UID_ROOT, GID_OPERATOR, > % - 0640, "aac%d", unit); > % + S_IRUSR | S_IWUSR, "aac%d", unit); > % (void)make_dev_alias(sc->aac_dev_t, "afa%d", unit); > % (void)make_dev_alias(sc->aac_dev_t, "hpn%d", unit); > % sc->aac_dev_t->si_drv1 = sc;
>
> This is the control device. The change closes the security hole but leaves
> a bogus group. Correct attributes may be found in any (?) version of
> MAKEDEV that supports aac:
>
> %%%
> aac*)
> unit=`expr $i : 'aac\(.*\)'`
> mknod aac$unit c 150 `unit2minor $unit`
> ln -fs aac$unit afa$unit
> ln -fs aac$unit hpn$unit
> ;;
> %%%
>
> The default for MAKEDEV is mode 0600 ownership root:wheel, so secure
> permissions and ownerships are automatic. make_dev() should have
> similar defaults, or macros for secure and other classes of attributes
> should be used (corresponding to $secure_umask and $disk_umask in
> MAKEDEV). disk_umask=037 corresponds to mode 0640.

The reasons for /dev/aacX being 0640 are historical and dubious. It was expected that a member of the operator group should be able to use the 'aaccli' tool in Read-Only mode to check the status of the hardware. I'm happy to change this.

>
> The change preserves style bugs (-ce instead of -ci4 indentation).
> > % Index: asr.c > % =================================================================== > % RCS file: /home/ncvs/src/sys/dev/asr/asr.c,v > % retrieving revision 1.38 > % diff -u -r1.38 asr.c > % --- asr.c 26 Sep 2003 15:56:42 -0000 1.38 > % +++ asr.c 8 Feb 2004 07:59:18 -0000 > % 
@@ -3127,8 +3127,8 @@ > % /* > % * Generate the device node information > % */ > % - (void)make_dev(&asr_cdevsw, unit, UID_ROOT, GID_OPERATOR, 0640, > % - "rasr%d", unit); > % + (void)make_dev(&asr_cdevsw, unit, UID_ROOT, GID_OPERATOR, > % + S_IRUSR | S_IWUSR, "rasr%d", unit); > % ATTACH_RETURN(0); > % } /* asr_attach */ > %
>
> Similarly, except asr is not in RELENG_4's MAKEDEV, the device is not so
> clearly a control device (aac.c has an explicit comment about this but aar.c
> only mentions control devices in its in-file history), and asr still hasn't
> caught up with the removal of the 'r' devices which occurred about 2
> months before asr was imported. asr seems to be a normal SCSI disk driver
> so its disks are named da*. Apparently its control device is so little
> used that it is not missed.

asr is much more wrong than you might want to believe. The original intent of the author was to create his own dynamic major allocation scheme for the control device. The driver would manually look through the cdevsw for an unused slot, populate it, then print a line to console that advertised what major had been stolen. Then a userland app would run, look for that line on the console, and manually create the device nodes in /dev. In 5.x, Poul-Henning made the cdevsw symbol non-public, so a minimal amount of work was done to make the asr driver cope. That work is not done, though it might resume in the near future. In any case, the control device is in fact used by many people who also appear to miss it being operational in 5.x.

Scott
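
Review bot: in the aac.c hunk at @@ -271,7 +272,7 @@, the make_dev() call now passes S_IRUSR | S_IWUSR but still passes GID_OPERATOR, so the node ends up root:operator with no group bits set and the group argument no longer expresses any access decision. Pass GID_WHEEL so the node matches the root:wheel, mode 0600 default that MAKEDEV gives it, and add a comment above the call stating that this is the control device and that read access for the operator group (previously used for read-only status checks with aaccli) is dropped on purpose.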
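
Review bot: in the asr.c hunk at @@ -3127,8 +3127,8 @@, the new make_dev() call has the same mismatch as the aac.c one: mode S_IRUSR | S_IWUSR with GID_OPERATOR left in place, so use GID_WHEEL unless the operator group is meant to get access back later. The asr.c diff shown here has no #include hunk, while the aac.c diff adds one, so check that asr.c already pulls in the header that defines S_IRUSR (sys/stat.h). The node is still created as "rasr%d"; if the 'r' prefix is kept for existing userland tools, say so in a comment, otherwise rename it in a follow-up change.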