Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 31 Oct 2003 13:02:29 -0700 (MST)
From:      "M. Warner Losh" <imp@bsdimp.com>
To:        andi_payn@speedymail.org
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: O_NOACCESS?
Message-ID:  <20031031.130229.132929054.imp@bsdimp.com>
In-Reply-To: <1067628015.825.64.camel@verdammt.falcotronic.net>
References:  <1067528798.36829.2128.camel@verdammt.falcotronic.net> <20031031162757.GA56981@walton.maths.tcd.ie> <1067628015.825.64.camel@verdammt.falcotronic.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
In message: <1067628015.825.64.camel@verdammt.falcotronic.net>
            andi payn <andi_payn@speedymail.org> writes:
: On Fri, 2003-10-31 at 08:27, David Malone wrote:
: > On Thu, Oct 30, 2003 at 07:46:38AM -0800, andi payn wrote:
: > > In FreeBSD, this doesn't work; you just get EINVAL.
: > 
: > I believe this is because of a security problem discovered a few
: > years ago, where you could open a file like /dev/io for neither
: > read nor write but still get the special privelages associated with
: > having the file open.
: >
: > If you were to allow people to open files without read or write
: > permission you'd need to fix problems like this in a different way.
: 
: It seems to me that the right way to fix this is to ensure that only the
: superuser can open /dev/io device, no matter what permissions are on it.

This might not be a bad idea, but it would force at least one company
(mine) to rewrite at least some of their software to run as root.  we
currently don't run some things as root because we don't trust them.
But then you are getting into special case kludges.  Better to require
that it is opened read or write permissions.

: Are there any other special devices like this in FreeBSD?

Rewind units on tape drives?  If there's no access check done, and I
open the rewind unit as joe-smoe?  The close code is what does the
rewind, and you don't have enough knowledge to know if the tape was
opened r/w there.

Warner

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031031.130229.132929054.imp>