Date:      Sun, 5 Nov 2000 13:12:19 -0500 (EST)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Don Lewis <Don.Lewis@tsc.tdk.com>
Cc:        "Brian F. Feldman" <green@FreeBSD.org>, Don Lewis <truckman@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/etc MAKEDEV src/release Makefile
Message-ID:  <Pine.NEB.3.96L.1001105131032.43654X-100000@fledge.watson.org>
In-Reply-To: <200011051757.JAA21013@salsa.gv.tsc.tdk.com>


On Sun, 5 Nov 2000, Don Lewis wrote:

> } You have to be careful about including "mnt2" in any path: the /mnt*
> } directories are used for a variety of purposes, and there are no
> } guarantees about ownership.  Having MAKENOD add /mnt* to the path may
> } introduce security problems if the media mounted is untrusted or has
> } permissions allowing non-privileged users to make changes to its stand
> } subtree.  I.e., this path assumes that only trusted FreeBSD install media
> } is ever mounted on /mnt2, which is false.  As such I'd strongly object to
> } adding mnt2 to the MAKEDEV path.
> 
> MAKEDEV already has a hook to change the PATH, $MAKEDEVPATH.  If this
> variable is not set, then MAKEDEV just hardwired PATH to /sbin:/bin (or
> it did until my previous change).  There was never any code in the tree
> that set MAKEDEVPATH.  I'm preparing to commit a change to sysinstall
> that will set MAKEDEVPATH to include the /mnt2 stuff before it kicks off
> the fixit floppy. 
> 
> With this fix, MAKEDEV won't normally have /mnt2 in its path, it will
> only be there when run from fixit.  In any case, putting /mnt2 at the

Ok, sounds good to me--I thought this was the general case and not just
the repair floppy case, in which I agree this is fine.

> end of the path would be safe, because all the binaries that MAKEDEV
> will run will be found in /sbin and /bin which come first, unless
> someone has deleted them ... 

It's a fail-closed thing: if the admin hoses a couple of entries in /sbin
or /bin, then users with the ability to write to /mnt2 should not be able
to leverage privilege in the default system.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services
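As an added illustration of the fail-closed lookup Robert argues for above (example code written for this archive page, not part of the thread or of FreeBSD's MAKEDEV): a helper-binary lookup that honors the MAKEDEVPATH hook Don mentions but never falls through to the caller's PATH, exercised against a constructed stand-in for /sbin and a writable /mnt2. The function names `find_trusted` and `demo_fail_closed` are assumptions.

```shell
#!/bin/sh
# Directories a privileged script is willing to run helpers from. Defaults
# to /sbin:/bin; MAKEDEVPATH (the hook named in the thread) may extend it
# when the caller, e.g. the fixit floppy, knows the extra media is trusted.
TRUSTED_DIRS="${MAKEDEVPATH:-/sbin:/bin}"

# Print the full path of helper $1 if it lives in one of the trusted
# directories ($2, or TRUSTED_DIRS), searched in order; print nothing and
# return 1 otherwise. There is deliberately no fallback to PATH: a deleted
# /sbin entry must not be "filled in" by a binary on writable media.
find_trusted() {
    cmd=$1
    dirs=${2:-$TRUSTED_DIRS}
    old_ifs=$IFS; IFS=:
    for d in $dirs; do
        IFS=$old_ifs
        [ -f "$d/$cmd" ] && [ -x "$d/$cmd" ] || continue
        echo "$d/$cmd"
        return 0
    done
    IFS=$old_ifs
    return 1
}

# Constructed scenario: "$root/sbin" stands in for /sbin and
# "$root/mnt2/stand" for untrusted media appended to PATH.
# Returns 0 when the lookup behaves fail-closed in both cases.
demo_fail_closed() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/sbin" "$root/mnt2/stand"
    printf '#!/bin/sh\necho rogue\n' > "$root/mnt2/stand/mknod"
    chmod 755 "$root/mnt2/stand/mknod"
    # Case 1: helper missing from the trusted dir (the "admin hosed /sbin"
    # case). A plain PATH search picks up the rogue copy; the trusted
    # lookup must find nothing rather than run it.
    rogue=$(PATH="$root/sbin:$root/mnt2/stand"; command -v mknod)
    trusted=$(find_trusted mknod "$root/sbin")
    [ "$rogue" = "$root/mnt2/stand/mknod" ] || { rm -rf "$root"; return 1; }
    [ -z "$trusted" ] || { rm -rf "$root"; return 1; }
    # Case 2: helper present in the trusted dir; it wins even though the
    # untrusted dir is also listed, because trusted dirs come first.
    printf '#!/bin/sh\necho real\n' > "$root/sbin/mknod"
    chmod 755 "$root/sbin/mknod"
    trusted=$(find_trusted mknod "$root/sbin:$root/mnt2/stand")
    rm -rf "$root"
    [ "$trusted" = "$root/sbin/mknod" ]
}
```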