NetBSD Problem Report #44267

From mlelstv@henery.1st.de  Thu Dec 23 11:15:40 2010
Return-Path: <mlelstv@henery.1st.de>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by www.NetBSD.org (Postfix) with ESMTP id DDF4263B9FC
	for <gnats-bugs@gnats.NetBSD.org>; Thu, 23 Dec 2010 11:15:39 +0000 (UTC)
Message-Id: <20101223111515.832FF28168@henery.1st.de>
Date: Thu, 23 Dec 2010 12:15:15 +0100 (CET)
From: mlelstv@serpens.de
Reply-To: mlelstv@serpens.de
To: gnats-bugs@gnats.NetBSD.org
Subject: LVM devices have wrong permissions
X-Send-Pr-Version: 3.95

>Number:         44267
>Category:       bin
>Synopsis:       LVM devices have wrong permissions
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Dec 23 11:20:00 +0000 2010
>Closed-Date:    
>Last-Modified:  Sun Dec 26 08:20:01 +0000 2010
>Originator:     Michael van Elst
>Release:        NetBSD 5.99.41
>Organization:
-- 
                                Michael van Elst
Internet: mlelstv@serpens.de
                                "A potential Snark may lurk in every tree."
>Environment:


System: NetBSD pussyfoot 5.99.41 NetBSD 5.99.41 (PUSSYFOOT) #14: Thu Dec 23 09:4
8:56 CET 2010 mlelstv@henery:/home/netbsd-current/obj.amd64/home/netbsd-current/
src/sys/arch/amd64/compile/PUSSYFOOT amd64
Architecture: x86_64
Machine: amd64
>Description:
dmsetup and the lvm utilities create device nodes in /dev/mapper/
with Ownership root:wheel and permission 600 like:

crw-------  1 root  wheel  194, 0 Jan 30  2010 control
brw-------  1 root  wheel  169, 1 Dec 23 11:11 foo
crw-------  1 root  wheel  194, 1 Dec 23 11:12 rfoo

However, the standard for disk devices is to give read access to the
operator group to allow for backups from a non-root account. E.g.:

crw-r-----  1 root  operator       3, 0 Jan  6  2010 /dev/rwd0a
brw-r-----  1 root  operator       0, 0 Jan 12  2008 /dev/wd0a

LVM should follow this convention.

>How-To-Repeat:
Create a device mapper device.

>Fix:

>Release-Note:

>Audit-Trail:
From: "Christos Zoulas" <christos@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/44267 CVS commit: src/external/gpl2/lvm2
Date: Thu, 23 Dec 2010 12:46:55 -0500

 Module Name:	src
 Committed By:	christos
 Date:		Thu Dec 23 17:46:55 UTC 2010

 Modified Files:
 	src/external/gpl2/lvm2: lvm2tools.mk
 	src/external/gpl2/lvm2/dist/daemons/cmirrord: functions.c
 	src/external/gpl2/lvm2/dist/libdm/ioctl: libdm-iface.c
 	    libdm-nbsd-iface.c
 	src/external/gpl2/lvm2/lib/libdevmapper: Makefile
 	src/external/gpl2/lvm2/sbin/dmsetup: Makefile

 Log Message:
 PR/44267: Michael van Elst: LVM devices have wrong permissions
 - Centralize CPPFLAGS for DM_DEVICE_{UID,GID,MODE}
 - Make DM_DEVICE_GID operator DM_DEVICE_MODE 0640 to be more NetBSD like
 - make all the code use DM_DEVICE_MODE instead of hard-coding.
 - make sure that all mknod calls are followed by a chown call.


 To generate a diff of this commit:
 cvs rdiff -u -r1.1 -r1.2 src/external/gpl2/lvm2/lvm2tools.mk
 cvs rdiff -u -r1.1.1.1 -r1.2 \
     src/external/gpl2/lvm2/dist/daemons/cmirrord/functions.c
 cvs rdiff -u -r1.1.1.3 -r1.2 \
     src/external/gpl2/lvm2/dist/libdm/ioctl/libdm-iface.c
 cvs rdiff -u -r1.7 -r1.8 \
     src/external/gpl2/lvm2/dist/libdm/ioctl/libdm-nbsd-iface.c
 cvs rdiff -u -r1.4 -r1.5 src/external/gpl2/lvm2/lib/libdevmapper/Makefile
 cvs rdiff -u -r1.4 -r1.5 src/external/gpl2/lvm2/sbin/dmsetup/Makefile

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: open->feedback
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Sun, 26 Dec 2010 07:43:55 +0000
State-Changed-Why:
are the fixes sufficient?


State-Changed-From-To: feedback->open
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Sun, 26 Dec 2010 08:16:06 +0000
State-Changed-Why:
no such luck


From: Michael van Elst <mlelstv@serpens.de>
To: gnats-bugs@NetBSD.org
Cc: gnats-admin@NetBSD.org, netbsd-bugs@NetBSD.org, dholland@NetBSD.org
Subject: Re: bin/44267 (LVM devices have wrong permissions)
Date: Sun, 26 Dec 2010 09:14:48 +0100

 On Sun, Dec 26, 2010 at 07:43:56AM +0000, dholland@NetBSD.org wrote:
 > Synopsis: LVM devices have wrong permissions
 > 
 > State-Changed-From-To: open->feedback
 > State-Changed-By: dholland@NetBSD.org
 > State-Changed-When: Sun, 26 Dec 2010 07:43:55 +0000
 > State-Changed-Why:
 > are the fixes sufficient?

 No, permissions are still wrong:

 pussyfoot: {33} ll -a /dev/mapper/
 total 66
 drwxr-xr-x  2 root  wheel        512 Dec 26 08:49 .
 drwxr-xr-x  7 root  wheel      32768 Dec 26 08:49 ..
 crw-------  1 root  operator  194, 0 Dec 26 08:49 control
 crw-r-----  1 root  wheel     194, 3 Dec 26 08:49 rtestvg-testlv
 brw-r-----  1 root  operator  169, 3 Dec 26 08:49 testvg-testlv

 -> mode of 'control' was supposed to be '640'
 -> group of raw device should be 'operator' as well.


 Greetings,
 -- 
                                 Michael van Elst
 Internet: mlelstv@serpens.de
                                 "A potential Snark may lurk in every tree."

>Unformatted:

NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.