[Bug 277228] Device permissions security hole with partitioning (/dev/geom.ctl)

From: <bugzilla-noreply_at_freebsd.org>
Date: Sun, 25 Feb 2024 18:18:52 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277228

Warner Losh <imp@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |imp@FreeBSD.org

--- Comment #2 from Warner Losh <imp@FreeBSD.org> ---
On phk's message: I think devfs likely is better... otherwise there are races.
But there is no position data for devfs...

I'd just change the modes on geom.ctl to 600. Ownership is long gone by the
time we get the message in geom. The only way to grant fine-grained control, I
think, is with a daemon to proxy things. Operator can get what it needs without
read access to this file... and we should change the open to requiring write
perms... but that's an incompatible change...

Operator is a super powerful club. Granting it means bad things can happen...
