bug-hurd
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] Devnode: Fix the pseudo-master device port opening flags.

From: Sergiu Ivanov
Subject: Re: [PATCH] Devnode: Fix the pseudo-master device port opening flags.
Date: Fri, 25 Dec 2009 16:26:55 +0200
User-agent: Mutt/1.5.20 (2009-06-14) 
Hello,

On Fri, Dec 25, 2009 at 09:29:07PM +0800, Da Zheng wrote:
> Sergiu Ivanov wrote:
>
> > On Fri, Dec 25, 2009 at 05:09:40PM +0800, Da Zheng wrote:
> >> Sergiu Ivanov wrote:
> >>> -      master_device = file_name_lookup (arg, 0, 0);
> >>> +      master_device = file_name_lookup (arg, O_READ | O_WRITE, 0);
> >> What happens if .MASTER file is read-only?  Certainly,
> >> file_name_lookup in devnode fails. But the questions is: can .MASTER
> >> node be read-only?
> > 
> > That's a good point.  Consider the following situation: user A sets up
> > eth-multiplexer on ~A/veth/ and allows only themselves to write into
> > ~A/veth/ .  If user B tries to use ~A/veth/.MASTER via a devnode, B
> > will get a ``Permission denied'' error.  (I've just checked it: A was
> > root and B was me).
> > 
> > The question is, however, how critical this restriction is.  If, for
> > example, root sets up a multiplexer for public use, they may also
> > allow read-write access to its virtual devices.  (I've just allowed
> > 777 access to ~root/veth and my normal user could setup devnode
> > instances working with .MASTER.)  Also, I wonder whether read-only
> > network devices make sense.  (Here I may be lacking information, which
> > makes me have such an opinion.)

> read-only network devices allow users to get packets but not write
> packets. maybe it makes sense.

Yeah, I realize that, but, in my understanding, only receiving packets
is not terribly useful, in view of the fact that you have to at least
request them, which implies *sending* packets :-)

Anyway, this matter requires some more thinking.
 
> Maybe devnode can detect the access right of .MASTER first before it
> calls file_name_lookup(). So if the user doesn't have write access
> to .MASTER, it just makes its own node read-only. If the user want
> to change the access right of the devnode node and want to have
> write access, he just fails. I don't know if it sounds
> reasonable. just my thought.

This sounds pretty reasonable to me :-) It would require an extra
check and another file_name_lookup, so it's an easy thing to change.
However, taking into consideration the fact that antrik answers
E-mails pretty fast these days, I'd suggest waiting for his final
acknowledgement.

Not that I'd consider your suggestion inappropriate, but antrik might
introduce a completely new point of view, which could change things.

Regards,
Sergiu
reply via email to
[Prev in Thread] Current Thread [Next in Thread]