NetBSD Problem Report #44267
From mlelstv@henery.1st.de Thu Dec 23 11:15:40 2010
Return-Path: <mlelstv@henery.1st.de>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
by www.NetBSD.org (Postfix) with ESMTP id DDF4263B9FC
for <gnats-bugs@gnats.NetBSD.org>; Thu, 23 Dec 2010 11:15:39 +0000 (UTC)
Message-Id: <20101223111515.832FF28168@henery.1st.de>
Date: Thu, 23 Dec 2010 12:15:15 +0100 (CET)
From: mlelstv@serpens.de
Reply-To: mlelstv@serpens.de
To: gnats-bugs@gnats.NetBSD.org
Subject: LVM devices have wrong permissions
X-Send-Pr-Version: 3.95
>Number: 44267
>Category: bin
>Synopsis: LVM devices have wrong permissions
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: bin-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Dec 23 11:20:00 +0000 2010
>Closed-Date:
>Last-Modified: Sun Dec 26 08:20:01 +0000 2010
>Originator: Michael van Elst
>Release: NetBSD 5.99.41
>Organization:
--
Michael van Elst
Internet: mlelstv@serpens.de
"A potential Snark may lurk in every tree."
>Environment:
System: NetBSD pussyfoot 5.99.41 NetBSD 5.99.41 (PUSSYFOOT) #14: Thu Dec 23 09:48:56 CET 2010 mlelstv@henery:/home/netbsd-current/obj.amd64/home/netbsd-current/src/sys/arch/amd64/compile/PUSSYFOOT amd64
Architecture: x86_64
Machine: amd64
>Description:
dmsetup and the lvm utilities create device nodes in /dev/mapper/
with ownership root:wheel and permission 600, like:
crw------- 1 root wheel 194, 0 Jan 30 2010 control
brw------- 1 root wheel 169, 1 Dec 23 11:11 foo
crw------- 1 root wheel 194, 1 Dec 23 11:12 rfoo
However, the standard for disk devices is to give read access to the
operator group to allow for backups from a non-root account. E.g.:
crw-r----- 1 root operator 3, 0 Jan 6 2010 /dev/rwd0a
brw-r----- 1 root operator 0, 0 Jan 12 2008 /dev/wd0a
LVM should follow this convention.
>How-To-Repeat:
Create a device mapper device.
>Fix:
>Release-Note:
>Audit-Trail:
From: "Christos Zoulas" <christos@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/44267 CVS commit: src/external/gpl2/lvm2
Date: Thu, 23 Dec 2010 12:46:55 -0500
Module Name: src
Committed By: christos
Date: Thu Dec 23 17:46:55 UTC 2010
Modified Files:
src/external/gpl2/lvm2: lvm2tools.mk
src/external/gpl2/lvm2/dist/daemons/cmirrord: functions.c
src/external/gpl2/lvm2/dist/libdm/ioctl: libdm-iface.c
libdm-nbsd-iface.c
src/external/gpl2/lvm2/lib/libdevmapper: Makefile
src/external/gpl2/lvm2/sbin/dmsetup: Makefile
Log Message:
PR/44267: Michael van Elst: LVM devices have wrong permissions
- Centralize CPPFLAGS for DM_DEVICE_{UID,GID,MODE}
- Make DM_DEVICE_GID operator DM_DEVICE_MODE 0640 to be more NetBSD like
- make all the code use DM_DEVICE_MODE instead of hard-coding.
- make sure that all mknod calls are followed by a chown call.
To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 src/external/gpl2/lvm2/lvm2tools.mk
cvs rdiff -u -r1.1.1.1 -r1.2 \
src/external/gpl2/lvm2/dist/daemons/cmirrord/functions.c
cvs rdiff -u -r1.1.1.3 -r1.2 \
src/external/gpl2/lvm2/dist/libdm/ioctl/libdm-iface.c
cvs rdiff -u -r1.7 -r1.8 \
src/external/gpl2/lvm2/dist/libdm/ioctl/libdm-nbsd-iface.c
cvs rdiff -u -r1.4 -r1.5 src/external/gpl2/lvm2/lib/libdevmapper/Makefile
cvs rdiff -u -r1.4 -r1.5 src/external/gpl2/lvm2/sbin/dmsetup/Makefile
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: open->feedback
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Sun, 26 Dec 2010 07:43:55 +0000
State-Changed-Why:
are the fixes sufficient?
State-Changed-From-To: feedback->open
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Sun, 26 Dec 2010 08:16:06 +0000
State-Changed-Why:
no such luck
From: Michael van Elst <mlelstv@serpens.de>
To: gnats-bugs@NetBSD.org
Cc: gnats-admin@NetBSD.org, netbsd-bugs@NetBSD.org, dholland@NetBSD.org
Subject: Re: bin/44267 (LVM devices have wrong permissions)
Date: Sun, 26 Dec 2010 09:14:48 +0100
On Sun, Dec 26, 2010 at 07:43:56AM +0000, dholland@NetBSD.org wrote:
> Synopsis: LVM devices have wrong permissions
>
> State-Changed-From-To: open->feedback
> State-Changed-By: dholland@NetBSD.org
> State-Changed-When: Sun, 26 Dec 2010 07:43:55 +0000
> State-Changed-Why:
> are the fixes sufficient?
No, permissions are still wrong:
pussyfoot: {33} ll -a /dev/mapper/
total 66
drwxr-xr-x 2 root wheel 512 Dec 26 08:49 .
drwxr-xr-x 7 root wheel 32768 Dec 26 08:49 ..
crw------- 1 root operator 194, 0 Dec 26 08:49 control
crw-r----- 1 root wheel 194, 3 Dec 26 08:49 rtestvg-testlv
brw-r----- 1 root operator 169, 3 Dec 26 08:49 testvg-testlv
-> mode of 'control' was supposed to be '640'
-> group of raw device should be 'operator' as well.
Greetings,
--
Michael van Elst
Internet: mlelstv@serpens.de
"A potential Snark may lurk in every tree."
>Unformatted:
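
A check for the convention requested in this report, added here as an example (it is not part of the PR or of the NetBSD source): it reads `ls -l` output and reports device nodes that are not root:operator with mode 0640. The function name `audit_nodes` is hypothetical, and the embedded sample is constructed from the three device lines in the follow-up listing above.

```shell
#!/bin/sh
# Added example: audit `ls -l` lines for device nodes against the
# root:operator, mode 0640 (rw-r-----) convention discussed in this PR.

# Constructed sample input: the three device lines from the follow-up listing.
SAMPLE='crw-------  1 root  operator  194, 0 Dec 26 08:49 control
crw-r-----  1 root  wheel     194, 3 Dec 26 08:49 rtestvg-testlv
brw-r-----  1 root  operator  169, 3 Dec 26 08:49 testvg-testlv'

# audit_nodes [owner] [group] [perms]
# Reads `ls -l` lines on stdin and prints one line per deviation.
# Only character (c) and block (b) device entries are checked, so the
# "total" line and directory entries are skipped.
audit_nodes() {
    awk -v owner="${1:-root}" -v group="${2:-operator}" \
        -v perms="${3:-rw-r-----}" '
        /^[bc]/ {
            name = $NF
            # Characters 2-10 of the mode field are the permission bits;
            # this ignores the type letter and any trailing flag character.
            got = substr($1, 2, 9)
            if (got != perms)
                printf "%s: mode %s, expected %s\n", name, got, perms
            if ($3 != owner)
                printf "%s: owner %s, expected %s\n", name, $3, owner
            if ($4 != group)
                printf "%s: group %s, expected %s\n", name, $4, group
        }'
}

# Run against the constructed sample; on a live system use:
#   ls -l /dev/mapper/ | audit_nodes
printf '%s\n' "$SAMPLE" | audit_nodes
```

On the sample this reports the mode of `control` and the group of `rtestvg-testlv`, the same two deviations listed in the follow-up message.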