Re: [rfc] /dev/devstat permissions patch

From: Xin Li <delphij_at_delphij.net>
Date: Tue, 18 Mar 2014 15:35:11 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi,

Adding phk_at_ to cc since the 400 is from his changeset (r112001).

On 03/18/14 12:29, Maksim Yevmenkin wrote:
> hello,
> 
> would anyone object to the following patch?
> 
> ==
> 
> Index: subr_devstat.c 
> ===================================================================
>
> 
- --- subr_devstat.c (revision 263311)
> +++ subr_devstat.c (working copy) _at__at_ -503,7 +503,7 _at__at_ 
> mtx_assert(&devstat_mutex, MA_NOTOWNED); if (!once) { 
> make_dev_credf(MAKEDEV_ETERNAL | MAKEDEV_CHECKNAME, -
> &devstat_cdevsw, 0, NULL, UID_ROOT, GID_WHEEL, 0400, +
> &devstat_cdevsw, 0, NULL, UID_ROOT, GID_WHEEL, 0444, 
> DEVSTAT_DEVICE_NAME); once = 1; }
> 
> ==
> 
> i'm not sure why /dev/devstat has such restrictive permissions.
> can someone please explain the reason for it? having gstat(8)
> require super-user privilege seems like an overkill me. iostat(8)
> and systat(1) do not require super-user privileges to work.
> 
> and, yes, i know i can override permissions with /etc/devfs.conf,
> just curious what are we protecting from in /dev/devstat

I have similar change locally (except it's GID_OPERATOR and 0440) and
I think your proposed change would be a sensible default.

Cheers,
- -- 
Xin LI <delphij_at_delphij.net>    https://www.delphij.net/
FreeBSD - The Power to Serve!           Live free or die
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (FreeBSD)

iQIcBAEBCgAGBQJTKMofAAoJEJW2GBstM+nspPYQAKt8UiAqDBQwe0KTeH+ykpis
4EG4+oM43Ze8WCc3DgsbB+Dnq4en63z3SXyK7b78ZDN9xVzSmR4Cb6N0W63cuACI
4pE2Wl72P7v6eVgOrrgMJoRjI7BwX0nlOXKCvmwkHznbZSmpjgYTzx9ADYl1T4pP
SKtvgOtCyFXdpGP2adE8kJMRcFvBpbs61Y4hiSLwKE1lGywgLwYWfwkZMWFxGaNW
SU3H7qew5SRoFSF7ZhurhKENwyNR1EHEHXW+Se77TcTUzBIGCQop+78Od+Pxwi/v
KJYFKHS+Z72BRVbpaxowxQGRNSPzqC4dB2nMhrcQaOU8gXRret9OXCfBc7Fmrv31
ot0ewo3GapmNh/9ypMuYNQ+3XsjEmx96ckSeS0oX6lKLR2qIu8+JIMd9Oq0ogNHk
tMdjrX0dkpwedN9UiakbQq8Ws7u/XRfkQEUD8nsDu5gK+f3KlRldboA+GFAjYgX6
F+E4JHfRGWCFYQuzcl48Nkzg4Glw/r8HCHHE+cGqwXXPIGfjtwSIyGGZzw0Nb2Nr
jYfs4aYuGCwFmwUO/hVn47Wbbzmpr7rVbf7EW3PXwZuxPKTVxrEUpYklvCUmkDMi
jYEwQMcIfV7pI+nD1M9bocOk3TQ4nYWqlts2E6J+/qEC/ayXpo4kk/93swimj7wP
p6xDXw3sAX6Xaj0bZqcB
=ktrj
-----END PGP SIGNATURE-----
Received on Tue Mar 18 2014 - 21:35:13 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:47 UTC