* udev and cdrom permissions
From: Stefan Schweizer @ 2004-11-10 22:02 UTC
To: linux-hotplug
Hi,
with udev we have the general problem that it sets the group disk for
every hd* device. With this normal users can't write or read cdroms
without being in the disk group which is a security problem.
We really need to assign the cdrom group to cdrom-devices.
I have 2 solutions to propose:
1) We make udev follow symlinks while setting permissions. So if udev
assigns permissions to /dev/cdroms/cdrom0 it should set the permission
for the source of the symlink.
2) We make hd* the symlink. This way /dev/cdroms/cdrom* and
/dev/discs/disc* would be the real device nodes and therefore have the
right permissions.
Do you have other possible solutions, and what solution do you think is best?
Thanks
Stefan Schweizer
_______________________________________________
Linux-hotplug-devel mailing list http://linux-hotplug.sourceforge.net
Linux-hotplug-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-hotplug-devel
* Re: udev and cdrom permissions
From: Marco d'Itri @ 2004-11-10 22:10 UTC
To: linux-hotplug
On Nov 10, Stefan Schweizer <sschweizer@gmail.com> wrote:
> with udev we have the general problem that it sets the group disk for
> every hd* device. With this normal users can't write or read cdroms
> without being in the disk group which is a security problem.
> We really need to assign the cdrom group to cdrom-devices.
md@wonderland:~$cat /etc/udev/simple-cd-aliases.rules
# grouping of optical drives from multiple kernel subsystems
KERNEL="sr*", NAME="%k", SYMLINK="cdrom%e"
KERNEL="scd*", NAME="%k", SYMLINK="cdrom%e"
KERNEL="pcd*", NAME="%k", SYMLINK="cdrom%e"
KERNEL="hd[a-z]", NAME="%k", SYMLINK="cdrom%e", PROGRAM="/bin/cat /proc/ide/%k/media", RESULT="cdrom"
md@wonderland:~$
Just add GROUP statements.
--
ciao, |
Marco | [9127 scp/Mb5GlCdUc]
* Re: udev and cdrom permissions
From: Stefan Schweizer @ 2004-11-10 23:25 UTC
To: linux-hotplug
On Wed, 10 Nov 2004 23:10:49 +0100, Marco d'Itri <md@linux.it> wrote:
> md@wonderland:~$cat /etc/udev/simple-cd-aliases.rules
> # grouping of optical drives from multiple kernel subsystems
> KERNEL="sr*", NAME="%k", SYMLINK="cdrom%e"
> KERNEL="scd*", NAME="%k", SYMLINK="cdrom%e"
> KERNEL="pcd*", NAME="%k", SYMLINK="cdrom%e"
> KERNEL="hd[a-z]", NAME="%k", SYMLINK="cdrom%e", PROGRAM="/bin/cat /proc/ide/%k/media", RESULT="cdrom"
>
> md@wonderland:~$
>
> Just add GROUP statements.
This is a very good idea. ide-devfs.sh should be modified to also
produce GROUP= output.
And of course the default rule to also contain the GROUP= statement,
calculated by ide-devfs.sh.
Change needed to make this work:
--- namedev.c.orig 2004-11-11 00:22:11.646609480 +0100
+++ namedev.c 2004-11-11 00:23:24.228575344 +0100
@@ -785,6 +785,11 @@
goto done;
udev->partitions = dev->partitions;
+ if (dev->group[0] != '\0') {
+ strfieldcpy(udev->group, dev->group);
+ apply_format(udev, udev->group, sizeof(udev->group),
class_dev, sysfs_device);
+
+ }
/* get permissions given in rule */
set_empty_perms(udev, dev->mode,
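Review bot: the apply_format() call in the added block is split across two lines, and the continuation `class_dev, sysfs_device);` has no `+` prefix, so the hunk is malformed as sent and will not apply cleanly; send it unwrapped or as an attachment. The empty `+` line also sits before the closing `}` instead of after it, which leaves a stray blank line inside the new block.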
in /etc/udev/rules.d/udev.rules:
BUS="ide", KERNEL="hd*", PROGRAM="/etc/udev/scripts/ide-devfs.sh %k %b %n", NAME="%k", SYMLINK="%c{1} %c{2}", GROUP="%c{3}"
in /etc/udev/scripts/ide-devfs.sh:
    echo ide/host${HOST}/bus${BUS}/target${TARGET}/lun0/cd cdroms/cdrom`get_dev_number $1 cdrom` cdrom
elif [ "${MEDIA}" = "floppy" ]; then
    echo ide/host${HOST}/bus${BUS}/target${TARGET}/lun0/disc floppies/floppy`get_dev_number $1 floppy`/disc floppy
elif [ "${MEDIA}" = "disk" ]; then
    echo ide/host${HOST}/bus${BUS}/target${TARGET}/lun0/disc discs/disc`get_dev_number $1 disk`/disc disk
(add the type again at the end)
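The field mapping proposed in the message above (the script prints the media type as a third word and the rule picks it up with GROUP="%c{3}"), modelled as an added example; it is not code from the thread or from udev. The function names, the sample devices and the assumption that %c{N} expands to an empty string when the result has fewer than N words are assumptions of this example.

```shell
#!/bin/sh
# Added illustration: models the output of the patched ide-devfs.sh and udev's
# %c{N} substitution. It reads nothing from /proc or /dev; inputs are constructed.

# Print the words the patched script emits for a whole device or a partition.
# Args: media host bus target index [partition]   (sample values, not probed)
ide_devfs_fields() {
    media=$1 host=$2 bus=$3 target=$4 idx=$5 part=$6
    base="ide/host${host}/bus${bus}/target${target}/lun0"
    if [ -n "$part" ]; then
        # The partition branch is untouched by the proposal: two words only.
        echo "${base}/part${part} discs/disc${idx}/part${part}"
        return
    fi
    case $media in
        cdrom)  echo "${base}/cd cdroms/cdrom${idx} ${media}" ;;
        floppy) echo "${base}/disc floppies/floppy${idx}/disc ${media}" ;;
        disk)   echo "${base}/disc discs/disc${idx}/disc ${media}" ;;
    esac
}

# %c{N}: the Nth space-separated part of the PROGRAM result.
# Assumption: an absent part expands to the empty string.
c_field() {
    printf '%s\n' "$1" | awk -v n="$2" '{ if (n <= NF) print $n; else print "" }'
}

# Group name that GROUP="%c{3}" resolves to for one PROGRAM result.
rule_group() {
    c_field "$1" 3
}

# Walk constructed sample devices and flag nodes for which the rule names no
# group at all: those are the ones to re-check after deploying such a rule.
report() {
    for spec in "hdc cdrom 0 1 0 0" "hdb floppy 0 0 1 0" \
                "hda disk 0 0 0 0" "hda1 disk 0 0 0 0 1"; do
        set -- $spec
        out=$(ide_devfs_fields "$2" "$3" "$4" "$5" "$6" "$7")
        grp=$(rule_group "$out")
        printf '%-5s symlinks=%s,%s group=%s\n' "$1" \
            "$(c_field "$out" 1)" "$(c_field "$out" 2)" "${grp:-<none>}"
    done
}

report
```

Whole devices resolve to cdrom, floppy or disk, so groups with exactly those names must exist; the partition sample resolves to no group because its result has only two words.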
* Re: udev and cdrom permissions
From: Stefan Schweizer @ 2004-11-11 18:52 UTC
To: linux-hotplug
[-- Attachment #1: Type: text/plain, Size: 184 bytes --]
Hi,
I have attached a rolled-up-patch that contains all necessary changes
to make it work.
Please check the C-part again because I am not quite sure with it, but
it works :)
Stefan
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: add_cdrom_group_to_cd_devs_for_udev.patch --]
[-- Type: text/x-patch; name="add_cdrom_group_to_cd_devs_for_udev.patch", Size: 2511 bytes --]
diff -pur --show-c-function udev-044.orig/etc/udev/udev.rules.gentoo udev-044/etc/udev/udev.rules.gentoo
--- udev-044.orig/etc/udev/udev.rules.gentoo 2004-11-11 17:07:35.838720576 +0100
+++ udev-044/etc/udev/udev.rules.gentoo 2004-11-11 17:08:54.495762888 +0100
@@ -19,7 +19,7 @@ BUS="scsi", KERNEL="scd[a-z]", PROGRAM="
# devfs-names for ide-devices (uncomment only one)
# /dev/ide/.../{disc,cd} and /dev/{cdroms,discs}/* type names
-BUS="ide", KERNEL="hd*", PROGRAM="/etc/udev/scripts/ide-devfs.sh %k %b %n", NAME="%k", SYMLINK="%c{1} %c{2}"
+BUS="ide", KERNEL="hd*", PROGRAM="/etc/udev/scripts/ide-devfs.sh %k %b %n", NAME="%k", SYMLINK="%c{1} %c{2}", GROUP="%c{3}"
# DRI devices
KERNEL="card*", NAME="dri/card%n"
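Review bot: the new GROUP="%c{3}" on the changed rule makes the third word of the ide-devfs.sh result into a group name, and the comment above the rule does not mention that dependency. Extend the comment to say that the script must print the media type as a third field and that groups with those names have to exist on the system, so anyone who uncomments this rule sees the requirement.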
diff -pur --show-c-function udev-044.orig/extras/ide-devfs.sh udev-044/extras/ide-devfs.sh
--- udev-044.orig/extras/ide-devfs.sh 2004-11-11 17:07:35.970700512 +0100
+++ udev-044/extras/ide-devfs.sh 2004-11-11 17:15:53.656040840 +0100
@@ -36,11 +36,11 @@ get_dev_number() {
if [ -z "$3" ] && [ -f /proc/ide/${1}/media ]; then
MEDIA=`cat /proc/ide/${1}/media`
if [ "${MEDIA}" = "cdrom" ]; then
- echo ide/host${HOST}/bus${BUS}/target${TARGET}/lun0/cd cdroms/cdrom`get_dev_number $1 cdrom`
+ echo ide/host${HOST}/bus${BUS}/target${TARGET}/lun0/cd cdroms/cdrom`get_dev_number $1 cdrom` ${MEDIA}
elif [ "${MEDIA}" = "floppy" ]; then
- echo ide/host${HOST}/bus${BUS}/target${TARGET}/lun0/disc floppies/floppy`get_dev_number $1 floppy`/disc
+ echo ide/host${HOST}/bus${BUS}/target${TARGET}/lun0/disc floppies/floppy`get_dev_number $1 floppy`/disc ${MEDIA}
elif [ "${MEDIA}" = "disk" ]; then
- echo ide/host${HOST}/bus${BUS}/target${TARGET}/lun0/disc discs/disc`get_dev_number $1 disk`/disc
+ echo ide/host${HOST}/bus${BUS}/target${TARGET}/lun0/disc discs/disc`get_dev_number $1 disk`/disc ${MEDIA}
fi
else
echo ide/host${HOST}/bus${BUS}/target${TARGET}/lun0/part$3 discs/disc`get_dev_number $1 disk`/part$3
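Review bot: the partition `else` branch, left as unchanged context at the end of this hunk, still prints only two words, so the rule's `%c{3}` has no third field to pick up for partition nodes. Either append a type in that branch as well, or state in the script that partitions are meant to keep their default group.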
diff -pur --show-c-function udev-044.orig/namedev.c udev-044/namedev.c
--- udev-044.orig/namedev.c 2004-11-11 17:07:35.978699296 +0100
+++ udev-044/namedev.c 2004-11-11 17:13:25.654540488 +0100
@@ -786,6 +786,11 @@ found:
udev->partitions = dev->partitions;
+ if (dev->group[0] != '\0') {
+ strfieldcpy(udev->group, dev->group);
+ apply_format(udev, udev->group, sizeof(udev->group), class_dev, sysfs_device);
+ }
+
/* get permissions given in rule */
set_empty_perms(udev, dev->mode,
dev->owner,
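Review bot: the result of apply_format() on udev->group is used unchecked in the added block, so a format that expands to nothing (a `%c{3}` with no third field in the program result) may leave udev->group empty right before set_empty_perms() runs. Check for an empty result here and log it, or confirm that set_empty_perms() does not then fill the group in from the unexpanded dev->group. A udev-test.pl case with a substituted GROUP would pin the behaviour down.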
* Re: udev and cdrom permissions
From: Stefan Schweizer @ 2004-11-17 21:26 UTC
To: linux-hotplug
I do not see this included in udev-045, are there any problems with it?
* Re: udev and cdrom permissions
From: Greg KH @ 2004-12-02 22:26 UTC
To: linux-hotplug
On Thu, Nov 11, 2004 at 07:52:51PM +0100, Stefan Schweizer wrote:
> Hi,
> I have attached a rolled-up-patch that contains all necessary changes
> to make it work.
>
> Please check the C-part again because I am not quite sure with it, but
> it works :)
It looks good, sorry for the long delay in looking at this.
I've added it to the tree. Care to make up a test for the udev-test.pl
script to test that this feature works properly?
thanks,
greg k-h
* Re: udev and cdrom permissions
From: Stefan Schweizer @ 2004-12-05 21:59 UTC
To: linux-hotplug
On Thu, 2 Dec 2004 14:26:21 -0800, Greg KH <greg@kroah.com> wrote:
>
> It looks good, sorry for the long delay in looking at this.
>
Thank you very much for making this working :)
> I've added it to the tree. Care to make up a test for the udev-test.pl
> script to test that this feature works properly?
sorry, did not come around to.
Stefan
* Re: udev and cdrom permissions
From: Greg KH @ 2004-12-06 23:03 UTC
To: linux-hotplug
On Sun, Dec 05, 2004 at 10:59:00PM +0100, Stefan Schweizer wrote:
> On Thu, 2 Dec 2004 14:26:21 -0800, Greg KH <greg@kroah.com> wrote:
> >
> > It looks good, sorry for the long delay in looking at this.
> >
> Thank you very much for making this working :)
Hm, I think the recent merge with Kay, caused this code to be removed.
Can you get a snapshot of the current bk tree and see if it works for
you or not? If not, care to send another patch?
thanks,
greg k-h
* Re: udev and cdrom permissions
From: Kay Sievers @ 2004-12-07 14:34 UTC
To: linux-hotplug
On Mon, 2004-12-06 at 15:03 -0800, Greg KH wrote:
> On Sun, Dec 05, 2004 at 10:59:00PM +0100, Stefan Schweizer wrote:
> > On Thu, 2 Dec 2004 14:26:21 -0800, Greg KH <greg@kroah.com> wrote:
> > >
> > > It looks good, sorry for the long delay in looking at this.
> > >
> > Thank you very much for making this working :)
>
> Hm, I think the recent merge with Kay, caused this code to be removed.
> Can you get a snapshot of the current bk tree and see if it works for
> you or not? If not, care to send another patch?
Yeah, sorry. I've restored it and applied it to my tree.
Thanks,
Kay
* Re: udev and cdrom permissions
From: Greg KH @ 2004-12-07 17:51 UTC
To: linux-hotplug
On Tue, Dec 07, 2004 at 03:34:22PM +0100, Kay Sievers wrote:
> On Mon, 2004-12-06 at 15:03 -0800, Greg KH wrote:
> > On Sun, Dec 05, 2004 at 10:59:00PM +0100, Stefan Schweizer wrote:
> > > On Thu, 2 Dec 2004 14:26:21 -0800, Greg KH <greg@kroah.com> wrote:
> > > >
> > > > It looks good, sorry for the long delay in looking at this.
> > > >
> > > Thank you very much for making this working :)
> >
> > Hm, I think the recent merge with Kay, caused this code to be removed.
> > Can you get a snapshot of the current bk tree and see if it works for
> > you or not? If not, care to send another patch?
>
> Yeah, sorry. I've restored it and applied it to my tree.
Thanks for doing that.
greg k-h