Date: Fri, 31 Oct 2003 11:20:15 -0800 From: andi payn <andi_payn@speedymail.org> To: David Malone <dwmalone@maths.tcd.ie> Cc: freebsd-hackers@freebsd.org Subject: Re: O_NOACCESS? Message-ID: <1067628015.825.64.camel@verdammt.falcotronic.net> In-Reply-To: <20031031162757.GA56981@walton.maths.tcd.ie> References: <1067528798.36829.2128.camel@verdammt.falcotronic.net> <20031031162757.GA56981@walton.maths.tcd.ie>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 2003-10-31 at 08:27, David Malone wrote: > On Thu, Oct 30, 2003 at 07:46:38AM -0800, andi payn wrote: > > In FreeBSD, this doesn't work; you just get EINVAL. > > I believe this is because of a security problem discovered a few > years ago, where you could open a file like /dev/io for neither > read nor write but still get the special privelages associated with > having the file open. > > If you were to allow people to open files without read or write > permission you'd need to fix problems like this in a different way. It seems to me that the right way to fix this is to ensure that only the superuser can open /dev/io device, no matter what permissions are on it. And the manpage says that this restriction is there. Of course it would be a good idea to check the code and make sure this really is true before (re-?)enabling O_NOACCESS. Are there any other special devices like this in FreeBSD?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1067628015.825.64.camel>