Date: Fri, 31 Oct 2003 13:20:33 -0800
From: andi payn <andi_payn@speedymail.org>
To: "M. Warner Losh" <imp@bsdimp.com>
Cc: freebsd-hackers@freebsd.org
Subject: Re: O_NOACCESS?
Message-ID: <1067635232.825.202.camel@verdammt.falcotronic.net>
In-Reply-To: <20031031.130229.132929054.imp@bsdimp.com>
References: <1067528798.36829.2128.camel@verdammt.falcotronic.net> <20031031162757.GA56981@walton.maths.tcd.ie> <1067628015.825.64.camel@verdammt.falcotronic.net> <20031031.130229.132929054.imp@bsdimp.com>
On Fri, 2003-10-31 at 12:02, M. Warner Losh wrote:
> In message: <1067628015.825.64.camel@verdammt.falcotronic.net>
>             andi payn <andi_payn@speedymail.org> writes:
> : On Fri, 2003-10-31 at 08:27, David Malone wrote:
> : > On Thu, Oct 30, 2003 at 07:46:38AM -0800, andi payn wrote:
> : > > In FreeBSD, this doesn't work; you just get EINVAL.
> : >
> : > I believe this is because of a security problem discovered a few
> : > years ago, where you could open a file like /dev/io for neither
> : > read nor write but still get the special privileges associated with
> : > having the file open.
> : >
> : > If you were to allow people to open files without read or write
> : > permission you'd need to fix problems like this in a different way.
> :
> : It seems to me that the right way to fix this is to ensure that only the
> : superuser can open the /dev/io device, no matter what permissions are on it.
>
> This might not be a bad idea, but it would force at least one company
> (mine) to rewrite at least some of their software to run as root. We
> currently don't run some things as root because we don't trust them.
> But then you are getting into special case kludges. Better to require
> that it is opened with read or write permissions.

Well, the io(4) manpage says:

> In addition to any file access permissions on /dev/io, the kernel
> enforces that only the super-user may open this device.

If this is not true--and especially if it's not true by design--then the
manpage ought to be changed. If O_NOACCESS were added, and /dev/io were
not changed to match the manpage, then it could instead be changed so
that read-only access grants full I/O privileges, but no access does not?

> : Are there any other special devices like this in FreeBSD?
>
> Rewind units on tape drives? If there's no access check done, and I
> open the rewind unit as joe-smoe? The close code is what does the
> rewind, and you don't have enough knowledge to know if the tape was
> opened r/w there.
Thanks; that's a good example. Do you have an example of a specific driver so I can look at the code and see what would need to be done?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1067635232.825.202.camel>