On Tue, 1 Oct 2002, Brooks Davis wrote:

> I just added options GEOM on a kernel from yesterday and noticed today
> that Amanda failed to dump my disks overnight. The problem is that the
> entries in /dev have the wrong permissions. They should be readable by
> group operator, but here's what I have:
>
> [12:03pm] brooks@minya (/usr/src): ll /dev/ad*
> crw------- 1 root wheel 4, 0 Sep 30 16:10 /dev/ad0
> crw------- 1 root wheel 4, 1 Sep 30 16:10 /dev/ad0s1
> crw------- 1 root wheel 4, 2 Sep 30 16:10 /dev/ad0s2
> crw------- 1 root wheel 4, 3 Sep 30 16:10 /dev/ad0s2a
> crw------- 1 root wheel 4, 4 Sep 30 16:10 /dev/ad0s2b
> crw------- 1 root wheel 4, 5 Sep 30 16:10 /dev/ad0s2c
> crw------- 1 root wheel 4, 6 Sep 30 16:10 /dev/ad0s2e
> crw------- 1 root wheel 4, 7 Sep 30 16:10 /dev/ad0s2f

One reason I have no confidence in devfs is that its quality is such as
to get things like this wrong. There are magic ownerships and
permissions in the source code for N drivers where they are hard to
audit. The acd driver still uses the insecure mode 0644 despite this
being reported a few years ago. World readability is especially
insecure for acd since it gives some write access via some ioctls.
E.g., everyone has permission to erase writable media.

Bruce
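
Added example (not part of the original message and not FreeBSD code): an audit of an `ls -l` listing of /dev against one explicit policy table, covering both complaints in the thread. The policy entries, the function names and the last two sample lines are assumptions constructed for illustration.

```python
import fnmatch
import stat

# Assumed policy, taken from the two complaints in the thread: disk nodes must
# be readable by group operator, and acd nodes must grant nothing to "other".
POLICY = [
    ("/dev/acd*", {"forbid": stat.S_IRWXO}),
    ("/dev/ad*", {"group": "operator", "require": stat.S_IRGRP}),
]

# Constructed sample: the first two lines are from the quoted listing, the
# last two are made up (a compliant disk node and an acd node at mode 0644).
SAMPLE = """\
crw------- 1 root wheel 4, 0 Sep 30 16:10 /dev/ad0
crw------- 1 root wheel 4, 1 Sep 30 16:10 /dev/ad0s1
crw-r----- 1 root operator 4, 2 Sep 30 16:10 /dev/ad0s2
crw-r--r-- 1 root operator 117, 0 Sep 30 16:10 /dev/acd0
"""

def mode_bits(perm):
    """Convert the nine permission characters of `ls -l` to a mode integer."""
    bits = 0
    for i, ch in enumerate(perm[:9]):
        if ch != "-":
            bits |= 1 << (8 - i)
    return bits

def audit(listing, policy=POLICY):
    """Return (path, reason) pairs for device nodes that violate the policy."""
    findings = []
    for line in listing.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0][0] not in "cb":
            continue  # not a character or block device line
        group, path = fields[3], fields[-1]
        mode = mode_bits(fields[0][1:10])
        rule = next((r for pat, r in policy if fnmatch.fnmatch(path, pat)), None)
        if rule is None:
            findings.append((path, "no policy entry; review by hand"))
            continue
        if "group" in rule and group != rule["group"]:
            findings.append((path, f"group is {group}, expected {rule['group']}"))
        missing = rule.get("require", 0) & ~mode
        if missing:
            findings.append((path, f"missing required bits {missing:04o}"))
        excess = rule.get("forbid", 0) & mode
        if excess:
            findings.append((path, f"forbidden bits set {excess:04o}"))
    return findings

if __name__ == "__main__":
    for path, reason in audit(SAMPLE):
        print(f"{path}: {reason}")
```

Nodes that match no policy entry are reported rather than skipped, so a newly added driver shows up in the audit until someone states what its mode should be.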