Date:      Thu, 13 Jan 2005 17:18:24 -0800 (PST)
From:      Doug White <dwhite@gumbysoft.com>
To:        "Simon L. Nielsen" <simon@nitro.dk>
Cc:        Pawel Jakub Dawidek <pjd@FreeBSD.org>
Subject:   Re: GMIRROR can be destroyed by ordinary users
Message-ID:  <20050113171630.M13904@carver.gumbysoft.com>
In-Reply-To: <20050108185456.GK13899@zaphod.nitro.dk>
References:  <200501081532.22911.emanuel.strobl@gmx.net> <200501081549.21317.emanuel.strobl@gmx.net> <20050108183942.GB795@darkness.comp.waw.pl> <20050108185456.GK13899@zaphod.nitro.dk>

On Sat, 8 Jan 2005, Simon L. Nielsen wrote:

> On 2005.01.08 19:39:42 +0100, Pawel Jakub Dawidek wrote:
> > On Sat, Jan 08, 2005 at 04:33:14PM +0100, Simon L. Nielsen wrote:
> > +> I'm not really sure it is expected that you can do that when being in
> > +> the operator group.
> >
> > Yes. If you want to change it you should do:
> >
> > 	# chmod 600 /dev/geom.ctl
>
> Being in the operator group only gives read access to /dev/geom.ctl
> (it's root:operator crw-r-----) so I think it's somewhat counter
> intuitive that one can stop the mirror without write permission there.
> Wouldn't it be better to only allow stopping the mirror (and similar)
> if the user has write access to geom.ctl?

ioctls generally open the control device read-only so they will succeed if
the user had read access to the device. ioctls themselves do not have read
or write permission bits, so it's all-or-nothing unless the driver or
kernel code does suser() type checks.

At least at a filesystem level.

-- 
Doug White                    |  FreeBSD: The Power to Serve
dwhite@gumbysoft.com          |  www.FreeBSD.org
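
Added example, not part of the original message and not FreeBSD or GEOM code: a userland C model of the point discussed above, comparing an ioctl handler that accepts any opened descriptor with one that requires write mode for a state-changing command. All `ex_`/`EX_` names, commands and flag values are hypothetical.

```c
#include <errno.h>
#include <stdio.h>

/* Open-mode bits passed to a driver's ioctl handler; values are local to this example. */
#define EX_FREAD  0x1
#define EX_FWRITE 0x2

/* Hypothetical commands and state for an imaginary mirror control device. */
enum ex_cmd { EX_CMD_STATUS, EX_CMD_STOP };
struct ex_mirror { int running; };
typedef int (*ex_handler)(struct ex_mirror *, enum ex_cmd, int);

/* All-or-nothing: whoever could open the node may run every command. */
int ex_ioctl_unchecked(struct ex_mirror *m, enum ex_cmd cmd, int fflag)
{
    (void)fflag;                      /* open mode is never consulted */
    if (cmd == EX_CMD_STOP)
        m->running = 0;
    return (cmd == EX_CMD_STATUS || cmd == EX_CMD_STOP) ? 0 : ENOTTY;
}

/* Per-command check: with crw-r----- root:operator, the group keeps STATUS only. */
int ex_ioctl_checked(struct ex_mirror *m, enum ex_cmd cmd, int fflag)
{
    switch (cmd) {
    case EX_CMD_STATUS:
        return 0;
    case EX_CMD_STOP:
        if ((fflag & EX_FWRITE) == 0) /* descriptor was opened read-only */
            return EPERM;
        m->running = 0;
        return 0;
    }
    return ENOTTY;
}

/* Returns 1 if the mirror is still running after a STOP sent with fflag. */
int ex_survives_stop(ex_handler h, int fflag)
{
    struct ex_mirror m = { 1 };
    h(&m, EX_CMD_STOP, fflag);
    return m.running;
}

int main(void)
{
    printf("read-only STOP: unchecked running=%d, checked running=%d\n",
           ex_survives_stop(ex_ioctl_unchecked, EX_FREAD),
           ex_survives_stop(ex_ioctl_checked, EX_FREAD));
    return 0;
}
```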


