conf/90760: /etc/rc.d/devfs does permit the use of device globbing in /etc/devfs.conf

Wed Dec 21 11:40:05 PST 2005

>Number:         90760
>Category:       conf
>Synopsis:       /etc/rc.d/devfs does permit the use of device globbing in /etc/devfs.conf
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Dec 21 19:40:02 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Darren Pilgrim
>Release:        RELENG_6_0
>Organization:
>Environment:
FreeBSD web.twinthornes.com 6.0-RELEASE-p1 FreeBSD 6.0-RELEASE-p1 #0: Tue Dec 20 13:44:00 PST 2005     root at web.twinthornes.com:/usr/obj/usr/src/sys/TTPWEB  i386

>Description:
When you need to change the default ownership or permissions on a device node, /etc/devfs.conf provides a good mechanism to do so.  When you need to make the same change to a large number of devices, such as /dev/da0* or /dev/cuad*, the syntax of devfs.conf becomes tedious because it lacks the ability to use shell filename globbing.  If you try to use globbing, devfs fails with an error.  For example, if you wanted to change all of the "dial-out" serial devices to a new user and disallow group access, you would need to use:

#own	cuad0		user
#own	cuad0.init	user
#own	cuad0.lock	user
#perm	cuad0		0600
#perm	cuad0.init	0600
#perm	cuad0.lock	0600
#own	cuad1		user
#own	cuad1.init	user
#own	cuad1.lock	user
#perm	cuad1		0600
#perm	cuad1.init	0600
#perm	cuad1.lock	0600
<...>
#own	cuadN		user
#own	cuadN.init	user
#own	cuadN.lock	user
#perm	cuadN		0600
#perm	cuadN.init	0600
#perm	cuadN.lock	0600

If file-globbing where permitting, this large collection of lines could be shorten to just two:

own	cuad*		user
perm	cuad*		0600

>How-To-Repeat:
Add a line to /etc/devfs.conf containing globbing characters in the device name and watch devfs blow up.
>Fix:
The following patch against v1.10 and v1.11 of /etc/rc.d/devfs changes the case structure used to parse the lines of /etc/devfs.conf.  The patch wraps the if...then statements in for...done loops such that the file-globbing capabilities of /bin/sh can be used to create a list of devices on which to perform the specified action.  This code is still safe, AFAIK, due to the conditionals already present.

--- /usr/src/etc/rc.d/devfs	Fri Oct 22 23:50:50 2004
+++ /etc/rc.d/devfs	Wed Dec 21 01:16:24 2005
@@ -41,19 +41,25 @@
 {
 	if [ -r /etc/devfs.conf ]; then
 		cd /dev
-		while read action device parameter; do
+		while read action devicelist parameter; do
 			case "${action}" in
-			l*)	if [ -c ${device} -a ! -e ${parameter} ]; then
-					ln -fs ${device} ${parameter}
-				fi
+			l*)	for device in ${devicelist}; do
+					if [ -c ${device} -a ! -e ${parameter} ]; then
+						ln -fs ${device} ${parameter}
+					fi
+				done
 				;;
-			o*)	if [ -c ${device} ]; then
-					chown ${parameter} ${device}
-				fi
+			o*)	for device in ${devicelist}; do
+					if [ -c ${device} ]; then
+						chown ${parameter} ${device}
+					fi
+				done
 				;;
-			p*)	if [ -c ${device} ]; then
-					chmod ${parameter} ${device}
-				fi
+			p*)	for device in ${devicelist}; do
+					if [ -c ${device} ]; then
+						chmod ${parameter} ${device}
+					fi
+				done
 				;;
 			esac
 		done < /etc/devfs.conf

>Release-Note:
>Audit-Trail:
>Unformatted:
