Subject: MAKEDEV inconsistencies for disk & tape devices
To: None <tech-security@NetBSD.ORG>
From: Luke Mewburn <lm@rmit.edu.au>
List: tech-security
Date: 08/20/1997 00:14:45
Whilst examining /etc/security after fixing a couple of PRs, I noticed
that there were a few disk devices missed in the disk permissions
check.

Further investigation revealed that various ports' MAKEDEV scripts
weren't doing the correct thing for disks, floppy disks, and tapes
with respect to permissions.

It appears that the standard for NetBSD is:
* disks (including removable): mode 640, user root, group operator
* tapes: mode 640, user root, group operator
  I believe that tapes should be 660, as operators may wish to perform
  backups and dump doesn't run setuid anymore so an operator won't have
  write permission to the tape.

Some of the etc/etc.*/MAKEDEV scripts generate incorrect devices.
I've attached the (very simple) script I wrote which determines
which devices aren't OK. Also, some MAKEDEVs don't warn if an invalid
device is requested. A summary follows:

amiga:
	enss0		mode = 600	(nss0 and ss0 are 640, this is
					probably an oversight)
arm32:
	no warnings on invalid devices
	md0 md0c	no group, mode = 600
atari:
	md0 rfd0	no group, mode = 664
hp300:
	ct* mt* st*	no group, mode = 666
i386:
	no warnings on invalid devices
mvme68k:
	no warnings on invalid devices
pc532:
	no warnings on invalid devices
pmax:
	tz*		no group, mode = 666, installed as {n,}rmt{,h}*
sun3:
	md0 md0c	no group, mode = 600
	st*		no group, mode = 666
vax:
	no warnings on invalid devices
	ct* mt* st*	no group, mode = 666
	rx*		no group, mode = 600


I propose the following changes for consistency:
* change MAKEDEV to warn on invalid devices
* if a port defines ss*, add the enss* device a la NetBSD/amiga
* make all disks root.operator 640
* make all tapes root.operator 660
* check all disk perms in /etc/security against root.operator 640
* maybe check all tape perms in /etc/security against root.operator 660

Comments? Objections?

Luke.

PS: a lot of the MAKEDEVs could share a common code base. What are the
    pros and cons of merging them?


PPS: here's the script I used to check things.

--- cut here --- file: testMAKEDEV
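#!/bin/sh
# Run a port's MAKEDEV for unit 0 of each disk/tape driver in the current
# directory, then list every node that is not root:operator mode 640.

FILE=$1
if [ ! -f "$FILE" ]; then
	echo "$FILE doesn't exist - exiting"
	exit 1
fi
echo "checking $FILE"

DISKLIST="acd ccd cd ch ct fd hk hp mcd md mt ra rb rd rl rx rz \
    sd se ss st tz uk up vnd wd wt xd xy"

# Create unit 0 of each device type
for i in $DISKLIST; do
	sh "$FILE" "${i}0"
done

# Report block/char nodes with the wrong owner, group or mode
ls -l | \
    grep -E '^(b|c)' | \
    awk '$3 != "root" || $4 != "operator" || $1 !~ /.rw-r-----/ \
	{ print $0 }'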
--- cut here ---
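
The two-class check proposed above (disks root.operator 640, tapes root.operator 660), as an added example that is not part of the original message. It assumes tape nodes are named ct, mt, st, tz or wt with optional e/n/r prefixes, and that the listing holds only disk and tape nodes, as in the test directory the script above fills; `check_devperms` and `sample_listing` are hypothetical names.

```shell
#!/bin/sh
# Added example, not from the original post.
# check_devperms: read `ls -l` lines on stdin and print every block/char
# device whose owner, group or mode differs from the proposed policy:
#   tapes root:operator 660, everything else (disks) root:operator 640.
# Assumption: tape nodes are ct/mt/st/tz/wt with optional e/n/r prefixes.
check_devperms() {
	awk '
	$1 ~ /^[bc]/ {
		name = $NF
		want = "rw-r-----"                      # disks: 640
		if (name ~ /^(en|e|n)?r?(ct|mt|st|tz|wt)[0-9]/)
			want = "rw-rw----"              # tapes: 660
		mode = substr($1, 2, 9)                 # drop type char and any ACL flag
		if ($3 != "root" || $4 != "operator" || mode != want)
			printf "%s: %s %s:%s, want %s root:operator\n",
			    name, mode, $3, $4, want
	}'
}

# Constructed sample listing (not output from a real system).
sample_listing() {
	cat <<'EOF'
brw-r-----  1 root  operator   4,  0 Aug 20 00:14 sd0a
crw-r-----  1 root  operator  13,  0 Aug 20 00:14 rsd0a
crw-rw-rw-  1 root  wheel     14,  0 Aug 20 00:14 rst0
crw-rw----  1 root  operator  14,  1 Aug 20 00:14 nrst0
crw-r-----  1 root  operator  14,  2 Aug 20 00:14 erst0
brw-------  1 root  wheel     17,  0 Aug 20 00:14 md0
EOF
}

# Stand-alone run: report the three non-conforming nodes in the sample.
sample_listing | check_devperms
```

On a live system the input would be `ls -l` run in the directory holding the nodes instead of `sample_listing`.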