bug-hurd
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] Devnode: Fix the pseudo-master device port opening flags.

From: Sergiu Ivanov
Subject: Re: [PATCH] Devnode: Fix the pseudo-master device port opening flags.
Date: Fri, 25 Dec 2009 15:21:26 +0200
User-agent: Mutt/1.5.20 (2009-06-14) 
Hello,

On Fri, Dec 25, 2009 at 05:09:40PM +0800, Da Zheng wrote:
>
> Sergiu Ivanov wrote:
> > -      master_device = file_name_lookup (arg, 0, 0);
> > +      master_device = file_name_lookup (arg, O_READ | O_WRITE, 0);
> 
> What happens if .MASTER file is read-only?  Certainly,
> file_name_lookup in devnode fails. But the questions is: can .MASTER
> node be read-only?

That's a good point.  Consider the following situation: user A sets up
eth-multiplexer on ~A/veth/ and allows only themselves to write into
~A/veth/ .  If user B tries to use ~A/veth/.MASTER via a devnode, B
will get a ``Permission denied'' error.  (I've just checked it: A was
root and B was me).

The question is, however, how critical this restriction is.  If, for
example, root sets up a multiplexer for public use, they may also
allow read-write access to its virtual devices.  (I've just allowed
777 access to ~root/veth and my normal user could setup devnode
instances working with .MASTER.)  Also, I wonder whether read-only
network devices make sense.  (Here I may be lacking information, which
makes me have such an opinion.)

Regards,
Sergiu
reply via email to
[Prev in Thread] Current Thread [Next in Thread]