O_NOACCESS?

andi payn andi_payn at speedymail.org
Fri Oct 31 13:20:36 PST 2003


On Fri, 2003-10-31 at 12:02, M. Warner Losh wrote:
> In message: <1067628015.825.64.camel at verdammt.falcotronic.net>
>             andi payn <andi_payn at speedymail.org> writes:
> : On Fri, 2003-10-31 at 08:27, David Malone wrote:
> : > On Thu, Oct 30, 2003 at 07:46:38AM -0800, andi payn wrote:
> : > > In FreeBSD, this doesn't work; you just get EINVAL.
> : > 
> : > I believe this is because of a security problem discovered a few
> : > years ago, where you could open a file like /dev/io for neither
> : > read nor write but still get the special privileges associated with
> : > having the file open.
> : >
> : > If you were to allow people to open files without read or write
> : > permission you'd need to fix problems like this in a different way.
> : 
> : It seems to me that the right way to fix this is to ensure that only the
> : superuser can open /dev/io device, no matter what permissions are on it.
> 
> This might not be a bad idea, but it would force at least one company
> (mine) to rewrite at least some of their software to run as root.  We
> currently don't run some things as root because we don't trust them.
> But then you are getting into special case kludges.  Better to require
> that it is opened read or write permissions.

Well, the io(4) manpage says:
>     In addition to any file access permissions on /dev/io, the kernel
>     enforces that only the super-user may open this device.

If this is not true--and especially if it's not true by design--then the
manpage ought to be changed.

If O_NOACCESS were added, and /dev/io were not changed to match the
manpage, then it could instead be changed so that read-only access
grants full I/O privileges, but no access does not?

> : Are there any other special devices like this in FreeBSD?
> 
> Rewind units on tape drives?  If there's no access check done, and I
> open the rewind unit as joe-smoe?  The close code is what does the
> rewind, and you don't have enough knowledge to know if the tape was
> opened r/w there.

Thanks; that's a good example. Do you have an example of a specific
driver so I can look at the code and see what would need to be done?
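The two policies the thread contrasts, as an added example that is not code from FreeBSD, from io(4), or from anyone in this thread: a /dev/io-style open that refuses no-access opens with EINVAL and refuses non-root callers with EPERM regardless of the node's permission bits, and a tape-style device whose close-time side effect is gated on the access mode recorded at open, so a no-access open could not trigger a rewind even if the kernel permitted such opens. The flag values, the struct and the scenario helpers are constructed for this model and are not FreeBSD's own.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Constructed flag values for this model; not FreeBSD's FREAD/FWRITE. */
#define M_FREAD  0x1
#define M_FWRITE 0x2

/* Per-open state a driver would keep; constructed for this model. */
struct model_open {
    int in_use;
    int flags;     /* access mode recorded when the open succeeded */
    int rewinds;   /* count of close-time side effects (tape model) */
};

/* /dev/io style: the driver itself refuses any open that is not by the
 * super-user, independent of the permission bits on the node, and refuses
 * an open that asks for neither read nor write. */
int privileged_open(int flags, unsigned uid, struct model_open *mo)
{
    if ((flags & (M_FREAD | M_FWRITE)) == 0)
        return EINVAL;   /* no-access open: the case the thread asks about */
    if (uid != 0)
        return EPERM;    /* enforced in the driver, so chmod cannot widen it */
    mo->in_use = 1;
    mo->flags = flags;
    return 0;
}

/* Tape rewind unit style: the open carries no privilege, but the work is
 * done at close. Recording the mode at open lets close decide safely. */
int tape_open(int flags, struct model_open *mo)
{
    if (mo->in_use)
        return EBUSY;
    mo->in_use = 1;
    mo->flags = flags;
    return 0;
}

int tape_close(struct model_open *mo)
{
    if (!mo->in_use)
        return EBADF;
    /* Only an open that had read or write access may trigger the rewind. */
    if (mo->flags & (M_FREAD | M_FWRITE))
        mo->rewinds++;
    mo->in_use = 0;
    mo->flags = 0;
    return 0;
}

/* Scenario helpers so each outcome is available as a return value. */
int scenario_io_noaccess(unsigned uid)
{
    struct model_open mo = {0};
    return privileged_open(0, uid, &mo);
}

int scenario_io_read(unsigned uid)
{
    struct model_open mo = {0};
    return privileged_open(M_FREAD, uid, &mo);
}

/* Returns how many rewinds one open/close cycle with `flags` caused. */
int scenario_tape_cycle(int flags)
{
    struct model_open mo = {0};
    if (tape_open(flags, &mo) != 0 || tape_close(&mo) != 0)
        return -1;
    return mo.rewinds;
}

int main(void)
{
    printf("io, no access, root:  %s\n", strerror(scenario_io_noaccess(0)));
    printf("io, read, uid 1000:   %s\n", strerror(scenario_io_read(1000)));
    printf("io, read, root:       %s\n", strerror(scenario_io_read(0)));
    printf("tape, no-access open: %d rewind(s)\n", scenario_tape_cycle(0));
    printf("tape, write open:     %d rewind(s)\n", scenario_tape_cycle(M_FWRITE));
    return 0;
}
```

The point of the tape half is the one raised above: once the access mode is kept in per-open state, the close path no longer has to guess whether the descriptor was opened read/write, which is the alternative fix if no-access opens were ever allowed.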
