[Bug 277228] Device permissions security hole with partitioning (/dev/geom.ctl)

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 26 Feb 2024 00:59:55 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277228

--- Comment #4 from Warner Losh <imp@FreeBSD.org> ---
(In reply to Kyle Evans from comment #3)

There's no API for cdevs to get their owners, nor is there any process
associated with the request by the time we get into the geom nodes that are
fielding the verbs. So it's quite difficult to apply security checks that
deeply down in the stack since there's no process context associated with the
request. One could do ad-hoc things at that level, but no other drivers do that
sort of thing. Once you are past the 'open' check, there's very little else.
One could add checks at the ioctl, but you don't know what node(s) the command
affects there (without putting all the knowledge of the lower layers into the
ioctl).

What's unclear to me, though I think it would work, would just be to remove any
permission for operator for /dev/geom.ctl (that is make it 0600 permission). I
don't think there's anything that operator needs to do its mandate (such as it
still is) that it can't get from other sources.

Operator already can read all the data in your system, though, so there's
already a fair amount of trust in operator.

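As an added example, not part of the bug thread, here is a small POSIX sh audit of the device mode that the comment proposes tightening to 0600, together with the devfs.rules(5) change that would apply it; the FreeBSD stat(1) `-f` format and the ruleset name `localrules` are assumptions.

```shell
#!/bin/sh
# Added example: check whether a device node's mode grants any access to its
# group or to others (the bits that let the operator group reach /dev/geom.ctl).
# Takes an octal mode string such as 0640; returns 0 (true) when exposed.
mode_exposes_group_or_other() {
    mode=$1
    low=${mode#"${mode%??}"}      # last two octal digits: group and other bits
    [ "$low" != "00" ]
}

# Report the mode and owning group of a device node. Uses BSD stat(1) syntax
# (assumed: %Mp%Lp prints the full octal mode, %Sg the group name).
# Returns 0 if non-root access is possible, 1 if root-only, 2 if absent.
report_device_mode() {
    node=$1
    if [ ! -e "$node" ]; then
        echo "$node: not present on this host"
        return 2
    fi
    mode=$(stat -f '%Mp%Lp' "$node")
    group=$(stat -f '%Sg' "$node")
    if mode_exposes_group_or_other "$mode"; then
        echo "$node: mode $mode group $group: non-root access possible"
        return 0
    fi
    echo "$node: mode $mode group $group: root-only"
    return 1
}

# The mitigation discussed above, as a devfs ruleset (placement assumed):
#   /etc/devfs.rules
#     [localrules=10]
#     add path 'geom.ctl' mode 0600
#   /etc/rc.conf
#     devfs_system_ruleset="localrules"
# Because the permission check happens only at open(2), the new mode gates
# future opens; a descriptor already held by a process stays usable.

report_device_mode /dev/geom.ctl || true
```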