On Fri, 2003-10-31 at 08:27, David Malone wrote:
> On Thu, Oct 30, 2003 at 07:46:38AM -0800, andi payn wrote:
> > In FreeBSD, this doesn't work; you just get EINVAL.
>
> I believe this is because of a security problem discovered a few
> years ago, where you could open a file like /dev/io for neither
> read nor write but still get the special privileges associated with
> having the file open.
>
> If you were to allow people to open files without read or write
> permission you'd need to fix problems like this in a different way.

It seems to me that the right way to fix this is to ensure that only the superuser can open the /dev/io device, no matter what permissions are on it. And the manpage says that this restriction is there. Of course it would be a good idea to check the code and make sure this really is true before (re-?)enabling O_NOACCESS.

Are there any other special devices like this in FreeBSD?