From: bugzilla-noreply@freebsd.org
To: geom@FreeBSD.org
Subject: [Bug 277228] Device permissions security hole with partitioning (/dev/geom.ctl)
Date: Mon, 26 Feb 2024 03:11:05 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: misc
X-Bugzilla-Keywords: security
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: vince.bsd@hightek.org
X-Bugzilla-Status: New
X-Bugzilla-Assigned-To: geom@FreeBSD.org
List-Id: GEOM-specific discussions and implementations
List-Archive: https://lists.freebsd.org/archives/freebsd-geom

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277228

--- Comment #5 from Vincent Stemen ---
Are there any architectural limitations that would prevent you from making
gpart run under setuid or setgid using the same group ID as geom.ctl (something
other than operator, so that drives can still belong to operator group for
backups, etc.), then let gpart check the permissions on the individual devices
before allowing you to modify the partition table?

It seems that you could do this with any tool that needs *.ctl permissions.
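
The per-device check proposed in the comment could look like the following sketch, which is an added example and not code from gpart or the FreeBSD tree. The function and enum names are hypothetical; it assumes a helper installed set-group-ID that must prove the invoking user can already write the target device before it uses its elevated group.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical result codes for this example. */
enum dev_check { DEV_OK = 0, DEV_OPEN_FAILED = -1, DEV_NOT_DEVICE = -2, DEV_ERROR = -3 };

/*
 * Open `path` read/write with the caller's real group ID in effect, so the
 * kernel applies the device node's own permissions instead of the helper's
 * set-group-ID privilege. On DEV_OK, *fd_out holds the verified descriptor.
 */
enum dev_check
open_device_as_caller(const char *path, int *fd_out)
{
    gid_t saved_egid = getegid();
    struct stat st;
    int fd;

    /* Drop the set-group-ID privilege for the duration of the open. */
    if (setegid(getgid()) != 0)
        return DEV_ERROR;
    /* O_NOFOLLOW: refuse a symlink planted in place of the device node. */
    fd = open(path, O_RDWR | O_NOFOLLOW | O_NONBLOCK);
    /* Restore the privileged group; the saved set-group-ID permits this. */
    if (setegid(saved_egid) != 0) {
        if (fd >= 0)
            close(fd);
        return DEV_ERROR;
    }
    if (fd < 0)
        return DEV_OPEN_FAILED;   /* caller lacks write access, or no such node */
    /* fstat the descriptor, not the path, so the check cannot race a rename. */
    if (fstat(fd, &st) != 0 || !(S_ISCHR(st.st_mode) || S_ISBLK(st.st_mode))) {
        close(fd);
        return DEV_NOT_DEVICE;
    }
    *fd_out = fd;
    return DEV_OK;
}
```

Only after `DEV_OK` would such a helper go on to use its elevated group for the control device, and it should operate on the returned descriptor rather than reopening the path.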