I've been thinking; it seems to me that it is inconvenient that root
privilege is required to look at prom properties in the Solaris device
tree. I believe that the data located there is not security sensitive
(at least not normally), as long as unauthorized users are not allowed
to _modify_ those properties.
I propose that /dev/openprom be changed to be mode 644, allowing any
user to access it. This would allow ordinary users to run prtconf -vp
(as well as a few other things like prtconf -F and prtconf -V) without
becoming root.
About the only possible concern I can see with this is possible
conflicts with multiple callers performing the snapshot->copyout state
machine. The best way to address that, as I see it, is to move the
snapshot state into a per-minor node structure, so that processes do not
collide with each other. (I.e. give each open file its own copy of the
snapshot and associated state machine.)
Other concerns that could arise:
1) use of the interface to increase kernel memory consumption,
thereby creating a DoS. I think there are other ways to do this too, btw.
2) openprom currently only allows 32 opens. This eliminates item #1
above from being much of a concern, but it could allow applications to
create a DoS against /dev/openprom, preventing legitimate access. I
can't see why any hacker would want to prevent code from accessing the
prom, but a simple solution to me is to have two limits -- a limit on
read opens, and a separate limit on read/write opens. That way root
applications could always open the device read/write and get it, even if
user code has horked up all the read opens.
Thoughts?
--
Garrett D'Amore, Principal Software Engineer
Tadpole Computer / Computing Technologies Division,
General Dynamics C4 Systems
http://www.tadpolecomputer.com/
Phone: 951 325-2134 Fax: 951 325-2191
_______________________________________________
opensolaris-code mailing list
http://mail.opensolaris.org/mailman/listinfo/opensolaris-code
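The two mechanisms the post sketches, per-open snapshot state and separate caps for read-only versus read/write opens, as an added example that is not part of the original message and is not the Solaris openprom driver: a small user-space C model in which each open file carries its own snapshot->copyout state machine, and read-only and read/write opens are counted against independent limits. The structure and function names, the MAX_RO_OPENS/MAX_RW_OPENS values, the errno choices and the property strings are assumptions made for illustration.

```c
/* Hypothetical user-space model of the two ideas above: per-open snapshot state
 * and separate caps for read-only vs. read/write opens. Not the Solaris openprom
 * driver; names, limits and errno values are assumptions for illustration. */
#include <errno.h>
#include <stdlib.h>
#include <string.h>

#define MAX_RO_OPENS 32 /* assumed: today's single cap, kept for read-only opens */
#define MAX_RW_OPENS 8  /* assumed: separate pool for read/write (root) opens */

/* Per-open state: each open file owns its snapshot and its place in the
 * snapshot->copyout state machine, so concurrent callers cannot collide. */
struct oprom_handle {
    int writable;
    enum { SNAP_IDLE, SNAP_TAKEN } state;
    char *snapshot;
    size_t snap_len;
};

struct oprom_dev { int ro_opens, rw_opens; }; /* driver-global: one counter per pool */

/* writable=1 models root opening O_RDWR; 0 models a user let in by mode 644. */
struct oprom_handle *oprom_open(struct oprom_dev *d, int writable)
{
    int *count = writable ? &d->rw_opens : &d->ro_opens;
    int limit = writable ? MAX_RW_OPENS : MAX_RO_OPENS;
    struct oprom_handle *h;
    if (*count >= limit) { errno = EBUSY; return NULL; } /* other pool unaffected */
    if ((h = calloc(1, sizeof(*h))) == NULL)
        return NULL;
    h->writable = writable;
    (*count)++;
    return h;
}

void oprom_close(struct oprom_dev *d, struct oprom_handle *h)
{
    if (h == NULL) return;
    if (h->writable) d->rw_opens--; else d->ro_opens--;
    free(h->snapshot);
    free(h);
}

/* Step 1: snapshot the (here, string-valued) tree into this handle only. */
int oprom_snapshot(struct oprom_handle *h, const char *tree)
{
    if (h->state != SNAP_IDLE) { errno = EBUSY; return -1; } /* already holding one */
    h->snap_len = strlen(tree);
    if ((h->snapshot = malloc(h->snap_len + 1)) == NULL)
        return -1;
    memcpy(h->snapshot, tree, h->snap_len + 1);
    h->state = SNAP_TAKEN;
    return (int)h->snap_len;
}

/* Step 2: copy out and release. A short buffer leaves the snapshot in place
 * so the caller can retry with a bigger one instead of losing it. */
int oprom_copyout(struct oprom_handle *h, char *buf, size_t bufsz)
{
    if (h->state != SNAP_TAKEN) { errno = EINVAL; return -1; }
    if (bufsz < h->snap_len + 1) { errno = ENOMEM; return -1; }
    memcpy(buf, h->snapshot, h->snap_len + 1);
    free(h->snapshot); h->snapshot = NULL;
    h->state = SNAP_IDLE;
    return 0;
}

/* An unprivileged process hoards every read-only slot; root's read/write
 * open must still succeed because it draws on the other pool. 0 = ok. */
int demo_ro_exhaustion_does_not_block_rw(void)
{
    struct oprom_dev d = { 0, 0 };
    struct oprom_handle *ro[MAX_RO_OPENS], *rw;
    int i, rc = 0;
    for (i = 0; i < MAX_RO_OPENS; i++)
        if ((ro[i] = oprom_open(&d, 0)) == NULL) rc = -1;
    if (oprom_open(&d, 0) != NULL) rc = -2;        /* 33rd read-only open fails */
    if ((rw = oprom_open(&d, 1)) == NULL) rc = -3; /* root still gets in */
    oprom_close(&d, rw);
    for (i = 0; i < MAX_RO_OPENS; i++) oprom_close(&d, ro[i]);
    return rc;
}

/* Two opens interleave snapshot and copyout and each sees only its own
 * data. The property strings are constructed stand-ins. 0 = ok. */
int demo_interleaved_snapshots(void)
{
    struct oprom_dev d = { 0, 0 };
    struct oprom_handle *a = oprom_open(&d, 0), *b = oprom_open(&d, 0);
    char out[32];
    int rc = 0;
    if (oprom_snapshot(a, "name=cpu0") < 0 || oprom_snapshot(b, "name=disk1") < 0) rc = -1;
    if (oprom_snapshot(a, "again") != -1) rc = -2;                           /* a is busy */
    if (oprom_copyout(b, out, sizeof out) != 0 || strcmp(out, "name=disk1")) rc = -3;
    if (oprom_copyout(a, out, 4) != -1 || a->state != SNAP_TAKEN) rc = -4;   /* short buffer */
    if (oprom_copyout(a, out, sizeof out) != 0 || strcmp(out, "name=cpu0")) rc = -5;
    oprom_close(&d, a);
    oprom_close(&d, b);
    return rc;
}
```

A `main` that calls the two demo functions is all that is needed to run this; both return 0 when the properties hold. The point of the split pools is visible in the first demo: filling all 32 read-only slots leaves the read/write counter at zero, so a root caller is never locked out by unprivileged hoarding. The second demo shows why the snapshot belongs in the per-open structure: handle `a` keeps its snapshot across a failed short copyout and across handle `b`'s whole snapshot/copyout cycle. Note that per-open snapshots also mean kernel memory grows with the number of open files times the snapshot size, which is the reason the open caps the post discusses still matter.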