Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 18 Mar 2014 12:29:32 -0700
From:      Maksim Yevmenkin <emax@freebsd.org>
To:        "current@freebsd.org" <current@freebsd.org>
Subject:   [rfc] /dev/devstat permissions patch
Message-ID:  <CAFPOs6pAfrmN8U0jWn%2BoTLDWg%2B-U%2BhjLr5fuq-Fw1Q_jrmqc0Q@mail.gmail.com>

next in thread | raw e-mail | index | archive | help
hello,

would anyone object to the following patch?

==

Index: subr_devstat.c
===================================================================
--- subr_devstat.c (revision 263311)
+++ subr_devstat.c (working copy)
@@ -503,7 +503,7 @@
  mtx_assert(&devstat_mutex, MA_NOTOWNED);
  if (!once) {
  make_dev_credf(MAKEDEV_ETERNAL | MAKEDEV_CHECKNAME,
-    &devstat_cdevsw, 0, NULL, UID_ROOT, GID_WHEEL, 0400,
+    &devstat_cdevsw, 0, NULL, UID_ROOT, GID_WHEEL, 0444,
     DEVSTAT_DEVICE_NAME);
  once = 1;
  }

==

i'm not sure why /dev/devstat has such restrictive permissions. can
someone please explain the reason for it? having gstat(8) require
super-user privilege seems like an overkill me. iostat(8) and
systat(1) do not require super-user privileges to work.

and, yes, i know i can override permissions with /etc/devfs.conf, just
curious what are we protecting from in /dev/devstat

thanks,
max



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAFPOs6pAfrmN8U0jWn%2BoTLDWg%2B-U%2BhjLr5fuq-Fw1Q_jrmqc0Q>