Re: make_dev(9) perms for SCSI & SCSI RAID drivers in CURRENT.

From: Andre Guibert de Bruet <andy_at_siliconlandmark.com>
Date: Sun, 8 Feb 2004 15:34:08 -0500 (EST)

On Mon, 9 Feb 2004, Bruce Evans wrote:

> On Sun, 8 Feb 2004, Andre Guibert de Bruet wrote:
>
> > While studying the various FreeBSD SCSI and SCSI RAID drivers, I noticed
> > that the file mode (perm mask) varies per driver. So far, I've come across
> > 0600, 0640 and 0644. I can't really see why any of these drivers would
> > have anything other than 0600, as it would require root access or at least
> > write perm to do anything useful with the card.
>
> All disk (data) devices should have mode 0640 and ownership root:operator
> and all disk (control) devices should have mode 0600 and ownership root:wheel.
> Distributed setting of ownerships and permissions gives many more bugs than
> centralized setting in MAKEDEV.  Mode bugs in devfs start at its top level
> (its directory has mode 555 although its owner can write to it except
> possibly in the jailed case).
>
> > Here's a quick illustration of what I'm referring to:
> >
> > aac	0640 (octal notation in code)
> > amr	0600 (implemented as S_IRUSR | S_IWUSR)
> > asr	0640 (octal notation in code)
> > ciss	0600 (implemented as S_IRUSR | S_IWUSR)
> > ida	0600 (implemented as S_IRUSR | S_IWUSR)
> > iir	0644 (implemented as S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH)
> > ips	0600 (implemented as S_IRUSR | S_IWUSR)
> > isp	0600 (octal notation in code)
> > mly	0600 (implemented as S_IRUSR | S_IWUSR)
>
> Most of these actually create control devices, so mode 0600 is correct
> and group operator is bogus, and mode 0640 is a potential security hole
> especially with group operator.  Group operator is almost always used
> of course.  The data devices are mostly created by the disk mini-layer
> in RELENG_4 (except RELENG_4 doesn't really have devfs) and by GEOM in
> -current.

I adjusted and expanded the set of patches that I had to change
permissions on the control devices so that they also set the GID to wheel.
The assumption that I am making with these patches is that the drivers
that are calling make_dev() are creating control devices, as they should
be letting GEOM create their data devices. Feedback is welcome here as my
GEOM-fu isn't all that hot...

I have tried to maintain the style used in the drivers themselves and
fixed the long line in the patch for isp_freebsd.c.

Regards,
Andy

> Andre Guibert de Bruet | Enterprise Software Consultant >
> Silicon Landmark, LLC. | http://siliconlandmark.com/    >

Received on Sun Feb 08 2004 - 11:34:19 UTC
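
The control-device policy stated in the thread above (mode 0600, ownership root:wheel) can be checked mechanically. The following is an added example, not part of the thread or of the patches it mentions: a Python audit of make_dev() calls that evaluates the mode whether it is written in octal or as S_I* constants. The driver lines and the ex* names are constructed samples, and the check assumes every make_dev() call it sees creates a control device.

```python
import re

# Permission bits from <sys/stat.h>
S_BITS = {"S_IRUSR": 0o400, "S_IWUSR": 0o200, "S_IXUSR": 0o100,
          "S_IRGRP": 0o040, "S_IWGRP": 0o020, "S_IXGRP": 0o010,
          "S_IROTH": 0o004, "S_IWOTH": 0o002, "S_IXOTH": 0o001}

# make_dev(cdevsw, unit, uid, gid, perms, fmt, ...); calls may span lines.
CALL = re.compile(r"make_dev\s*\(([^;]*)\)\s*;", re.S)

# Constructed sample input (hypothetical drivers, not real source).
SAMPLE = '''
sc->dev = make_dev(&exa_cdevsw, unit, UID_ROOT, GID_OPERATOR, 0640, "exa%d", unit);
sc->dev = make_dev(&exb_cdevsw, unit, UID_ROOT, GID_WHEEL,
    S_IRUSR | S_IWUSR, "exb%d", unit);
sc->dev = make_dev(&exc_cdevsw, 0, UID_ROOT, GID_WHEEL,
    S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH, "exc");
'''

def parse_mode(expr):
    """Evaluate an octal literal or an OR of S_I* constants to an int."""
    mode = 0
    for term in (t.strip() for t in expr.split("|")):
        if term in S_BITS:
            mode |= S_BITS[term]
        elif re.fullmatch(r"0[0-7]*", term):
            mode |= int(term, 8)
        else:
            raise ValueError(f"unrecognised mode term: {term!r}")
    return mode

def audit(source):
    """Return (device name format, [problems]) for each non-conforming call."""
    findings = []
    for call in CALL.finditer(source):
        # Assumes plain comma-separated arguments with no nested commas.
        args = [a.strip() for a in call.group(1).split(",")]
        if len(args) < 6:
            continue
        uid, gid, mode = args[2], args[3], parse_mode(args[4])
        problems = []
        if mode != 0o600:
            problems.append(f"mode {mode:04o}, expected 0600")
        if uid != "UID_ROOT":
            problems.append(f"uid {uid}, expected UID_ROOT")
        if gid != "GID_WHEEL":
            problems.append(f"gid {gid}, expected GID_WHEEL")
        if problems:
            findings.append((args[5].strip('"'), problems))
    return findings

if __name__ == "__main__":
    for name, problems in audit(SAMPLE):
        print(f"{name}: {'; '.join(problems)}")
```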
