On Fri, May 13, 2022 at 02:49:29 +0300, Valery Ushakov wrote: > On Thu, May 12, 2022 at 23:17:42 +0000, Valeriy E. Ushakov wrote: > > > Module Name: src > > Committed By: uwe > > Date: Thu May 12 23:17:42 UTC 2022 > > > > Modified Files: > > src/sys/dev/wsfont: wsfontdev.c > > > > Log Message: > > wsfont(4): WSDISPLAYIO_LDFONT requires device opened for writing. > > /dev/wsfont used to be root:root 0600 and didn't bother to check > FWRITE in its ioctl code. macallan@ recently added support for > listing the loaded fonts (WSDISPLAYIO_LISTFONTS, wsfontload -l). It > would make sense to make that available to normal users - it's weird > to allow them to set the font but not list the available fonts. But > that creates a bit of a problem if someone uses new MAKEDEV that > creates 0644 /dev/wsfont but boots an old kernel that doesn't have the > FWRITE check.
Any thoughts on this? The problematic scenario is that the system is upgraded, new MAKEDEV is run after the upgrade to (re)create the devices, it creates world readabile /dev/wsfont, and then an old kernel is booted (which is kinda in the unsupported territory). That would allow fonts to be loaded by anyone, exposing whatever bugs are lurking in wsfont(4) to J. Random User. Does anyone have a secret devfs project that can be merged in time for 10 by any chance? :) -uwe
