Date: Wed, 2 Oct 2002 12:42:45 +1000 (EST) From: Bruce Evans <bde@zeta.org.au> To: Brooks Davis <brooks@one-eyed-alien.net> Cc: Poul-Henning Kamp <phk@FreeBSD.ORG>, <current@FreeBSD.ORG> Subject: Re: HEADSUP! GEOM as default in 5 days... Message-ID: <20021002122851.K3584-100000@gamplex.bde.org> In-Reply-To: <20021001120800.A29681@Odin.AC.HMC.Edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 1 Oct 2002, Brooks Davis wrote: > I just added options GEOM on a kernel from yesterday and noticed today > that Amanda failed to dump my disks overnight. The problem is that the > entries in /dev have the wrong permissions. They should be readable by > group operator, but here's what I have: > > [12:03pm] brooks@minya (/usr/src): ll /dev/ad* > crw------- 1 root wheel 4, 0 Sep 30 16:10 /dev/ad0 > crw------- 1 root wheel 4, 1 Sep 30 16:10 /dev/ad0s1 > crw------- 1 root wheel 4, 2 Sep 30 16:10 /dev/ad0s2 > crw------- 1 root wheel 4, 3 Sep 30 16:10 /dev/ad0s2a > crw------- 1 root wheel 4, 4 Sep 30 16:10 /dev/ad0s2b > crw------- 1 root wheel 4, 5 Sep 30 16:10 /dev/ad0s2c > crw------- 1 root wheel 4, 6 Sep 30 16:10 /dev/ad0s2e > crw------- 1 root wheel 4, 7 Sep 30 16:10 /dev/ad0s2f One reason I have no confidence in devfs is that its quality is such as to get things like this wrong. There are magic ownerships and permissions in the source code for N drivers where they are hard to audit. The acd driver still uses the insecure mode 0644 despite this being reported a few years ago. World readability is especially insecure for acd since it gives some write access via some ioctls. E.g., everyone has permission to erase writable media. Bruce To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021002122851.K3584-100000>