From owner-freebsd-hackers@FreeBSD.ORG Fri Oct 31 13:20:36 2003 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1EB3116A4CF for ; Fri, 31 Oct 2003 13:20:36 -0800 (PST) Received: from mta4.adelphia.net (mta4.adelphia.net [68.168.78.184]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0412743FAF for ; Fri, 31 Oct 2003 13:20:35 -0800 (PST) (envelope-from andi_payn@speedymail.org) Received: from [10.1.0.9] ([68.65.235.109]) by mta4.adelphia.net (InterMail vM.5.01.06.05 201-253-122-130-105-20030824) with ESMTP id <20031031212037.MRWM16324.mta4.adelphia.net@[10.1.0.9]>; Fri, 31 Oct 2003 16:20:37 -0500 From: andi payn To: "M. Warner Losh" In-Reply-To: <20031031.130229.132929054.imp@bsdimp.com> References: <1067528798.36829.2128.camel@verdammt.falcotronic.net> <20031031162757.GA56981@walton.maths.tcd.ie> <1067628015.825.64.camel@verdammt.falcotronic.net> <20031031.130229.132929054.imp@bsdimp.com> Content-Type: text/plain Message-Id: <1067635232.825.202.camel@verdammt.falcotronic.net> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.4.5 Date: Fri, 31 Oct 2003 13:20:33 -0800 Content-Transfer-Encoding: 7bit cc: dwmalone@maths.tcd.ie cc: freebsd-hackers@freebsd.org Subject: Re: O_NOACCESS? X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 31 Oct 2003 21:20:36 -0000 On Fri, 2003-10-31 at 12:02, M. Warner Losh wrote: > In message: <1067628015.825.64.camel@verdammt.falcotronic.net> > andi payn writes: > : On Fri, 2003-10-31 at 08:27, David Malone wrote: > : > On Thu, Oct 30, 2003 at 07:46:38AM -0800, andi payn wrote: > : > > In FreeBSD, this doesn't work; you just get EINVAL. > : > > : > I believe this is because of a security problem discovered a few > : > years ago, where you could open a file like /dev/io for neither > : > read nor write but still get the special privelages associated with > : > having the file open. > : > > : > If you were to allow people to open files without read or write > : > permission you'd need to fix problems like this in a different way. > : > : It seems to me that the right way to fix this is to ensure that only the > : superuser can open /dev/io device, no matter what permissions are on it. > > This might not be a bad idea, but it would force at least one company > (mine) to rewrite at least some of their software to run as root. we > currently don't run some things as root because we don't trust them. > But then you are getting into special case kludges. Better to require > that it is opened read or write permissions. Well, the io(4) manpage says: > In addition to any file access permissions on /dev/io, the kernel > enforces that only the super-user may open this device. If this is not true--and especially if it's not true by design--then the manpage ought to be changed. If O_NOACCESS were added, and /dev/io were not changed to match the manpage, then it could instead be changed so that read-only access grants full I/O privileges, but no access does not? > : Are there any other special devices like this in FreeBSD? > > Rewind units on tape drives? If there's no access check done, and I > open the rewind unit as joe-smoe? The close code is what does the > rewind, and you don't have enough knowledge to know if the tape was > opened r/w there. Thanks; that's a good example. Do you have an example of a specific driver so I can look at the code and see what would need to be done?