From owner-cvs-all Sun Nov 5 14:52:34 2000 Delivered-To: cvs-all@freebsd.org Received: from green.dyndns.org (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with ESMTP id 4966237B4CF; Sun, 5 Nov 2000 14:52:17 -0800 (PST) Received: from localhost (jfq5qf@localhost [127.0.0.1]) by green.dyndns.org (8.11.0/8.11.0) with ESMTP id eA5Mq3543276; Sun, 5 Nov 2000 17:52:11 -0500 (EST) (envelope-from green@FreeBSD.org) Message-Id: <200011052252.eA5Mq3543276@green.dyndns.org> X-Mailer: exmh version 2.2 06/23/2000 with nmh-1.0.4 To: Don Lewis Cc: Robert Watson , "Brian F. Feldman" , Don Lewis , cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/etc MAKEDEV src/release Makefile In-Reply-To: Message from Don Lewis of "Sun, 05 Nov 2000 09:57:19 PST." <200011051757.JAA21013@salsa.gv.tsc.tdk.com> From: "Brian F. Feldman" Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Sun, 05 Nov 2000 17:52:02 -0500 Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Don Lewis wrote: > On Nov 5, 12:47pm, Robert Watson wrote: > } Subject: Re: cvs commit: src/etc MAKEDEV src/release Makefile > } > } On Sun, 5 Nov 2000, Don Lewis wrote: > } > } > On Nov 5, 11:34am, "Brian F. Feldman" wrote: > } > } Subject: Re: cvs commit: src/etc MAKEDEV src/release Makefile > } > } > } > } Ack! The idea of MAKEDEV having a restricted path is to prevent people from > } > } repeatedly using stuff from /usr/bin etc. in MAKEDEV, which they love to do. > } > } This change breaks that. The right thing to do would be to either one of: > } > } 1) Change the default PATH in MAKEDEV to include the fixit floppy's paths. > } > } 2) Make the fixit floppy set MAKEDEVPATH=/sbin:/bin:/mnt2/stand. > } > > } > Now you tell me ... > } > } You have to be careful about including "mnt2" in any path: the /mnt* > } directories are used for a variety of purposes, and there are no > } guarantees about ownership. Having MAKENOD add /mnt* to the path may > } introduce security problems if the media mounted is untrusted or has > } permissions allowing non-privileged users to make changes to its stand > } subtree. I.e., this path assumes that only trusted FreeBSD install media > } is ever mounted on /mnt2, which is false. As such I'd strongly object to > } adding mnt2 to the MAKEDEV path. > > MAKEDEV already has a hook to change the PATH, $MAKEDEVPATH. If this > variable is not set, then MAKEDEV just hardwired PATH to /sbin:/bin > (or it did until my previous change). There was never any code in the > tree that set MAKEDEVPATH. I'm preparing to commit a change to > sysinstall that will set MAKEDEVPATH to include the /mnt2 stuff > before it kicks off the fixit floppy. > > With this fix, MAKEDEV won't normally have /mnt2 in it's path, it will > only be there when run from fixit. In any case, putting /mnt2 at the > end of the path would be safe, because all the binaries that MAKEDEV > will run will be found in /sbin and /bin which come first, unless > someone has deleted them ... Thank you :) This is exactly what I had in mind! I've never tried to run MAKEDEV from the fixit floppy before, as the nodes I needed has always been there. I guess it's time to search for more PRs that complained about this. -- Brian Fundakowski Feldman \ FreeBSD: The Power to Serve! / green@FreeBSD.org `------------------------------' To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message