Re: What is negative group permissions? (Re: narawntapu security run output)
On Mon, Dec 24, 2012 at 03:27:57PM +, jb wrote:
> Mikhail T. mi+thun at aldan.algebra.com writes:
> > On 23.12.2012 11:48, Chris Rees wrote:
> > > They involve a lot of thought to get right, as well as chmod g-w on
> > > something where you probably meant chmod go-w is a disastrous but
> > > (perhaps) common error.
> > >
> > > Chris
> >
> > Well, in (over 20) years of dealing with Unix, I've never made a mistake
> > like that, nor do I understand, how it can be considered common ...
> >
> > Got to admit, I was surprised to see it. It made me think, I do not
> > understand something -- or that FreeBSD is becoming overly paternalistic.
> > It turned out to be the latter...
> >
> > I doubt, it is useful. Worse, issuing such warnings routinely, only
> > reinforces the unfortunate misconceptions like the one Barney demonstrated
> > in this thread. When originally added, the check was meant to be off by
> > default: ... perhaps, it should have remained off?
> >
> > Yours,
>
> Those security checks are for a reason - people make mistakes (even a
> perfect guy like you will have a head in a brown bag time).
> It is better to get a heads-up, then think about it and turn it off
> (customize) if considered unneeded.

This specific check is there and on by default because you CAN NOT rely on negative group permissions unless you never use more than 14 groups or never use NFS. The check is a compromise I implemented as part of the switch to allowing large number of groups per user (technically per-process). Users who wish to use them and know what they are doing can easily turn it off.

IIRC the reason it was off by default to start with is that I wanted to MFC it but it's been a long time so I'm no longer certain.

-- Brooks
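Added example, not part of the thread and not FreeBSD's own periodic script: a small audit that lists regular files where "other" is granted a permission bit that the group class is denied, which is what "negative group permissions" is taken to mean here. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# find_neggrpperm is a hypothetical helper name, not a system utility.
# It prints regular files under $1 whose mode gives "other" a bit
# (r, w or x) that the group class does not have.
find_neggrpperm() {
    # -xdev keeps the scan on one filesystem.
    # Each clause: other has the bit AND group lacks the same bit.
    find "$1" -xdev -type f \( \
        \( -perm -004 ! -perm -040 \) -o \
        \( -perm -002 ! -perm -020 \) -o \
        \( -perm -001 ! -perm -010 \) \
    \) -print | sort
}

# Constructed sample tree so the check can be run offline.
demo_neggrpperm() {
    d=$(mktemp -d) || return 1
    for mode in 644 604 705 770 646 640; do
        : > "$d/f$mode"
        chmod "$mode" "$d/f$mode"
    done
    # Strip the temporary directory prefix from the report.
    find_neggrpperm "$d" | sed "s|^$d/||"
    rm -rf "$d"
}

demo_neggrpperm
```

Files reported by such a scan are the ones whose access control depends on the group class being evaluated correctly, which Brooks notes cannot be relied on with more than 14 groups over NFS.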
ppc fails to attach to puc on 9.1-STABLE, 7.4-STABLE works
I want my printer port back on 9.1 ;-(

I have this card:

    puc0@pci0:4:1:0: class=0x078000 card=0x00121000 chip=0x98359710 rev=0x01 hdr=0x00
        vendor     = 'NetMos Technology'
        device     = 'PCI 9835 Multi-I/O Controller'
        class      = simple comms

It attached and worked under 7.4-STABLE (as long as I disabled the interrupt using hint.ppc.0.irq=):

    puc0: NetMos NM9835 Dual UART and 1284 Printer port port 0xdf00-0xdf07,0xde00-0xde07,0xdd00-0xdd07,0xdc00-0xdc07,0xdb00-0xdb07,0xda00-0xda0f irq 17 at device 1.0 on pci4
    puc0: [FILTER]
    uart0: Non-standard ns8250 class UART with FIFOs on puc0
    uart0: [FILTER]
    uart1: Non-standard ns8250 class UART with FIFOs on puc0
    uart1: [FILTER]
    ppc0: Parallel port on puc0
    ppc0: Generic chipset (ECP/EPP/PS2/NIBBLE) in ECP+EPP mode (EPP 1.9)
    ppbus0: Parallel port bus on ppc0
    lpt0: Printer on ppbus0
    lpt0: Polled port

Under 9.1 the card does not attach the ppc anymore. The hint entries

    hint.ppc.0.at=puc0
    hint.ppc.0.irq=
    hint.ppc.0.flags=0x2F

get ignored and so it probes as ppc1 (failing due to the interrupt problem as it was in 7.4 without hints):

    puc0: NetMos NM9835 Dual UART and 1284 Printer port port 0xdf00-0xdf07,0xde00-0xde07,0xdd00-0xdd07,0xdc00-0xdc07,0xdb00-0xdb07,0xda00-0xda0f irq 17 at device 1.0 on pci4
    uart2: Non-standard ns8250 class UART with FIFOs at port 1 on puc0
    uart3: 16550 or compatible at port 2 on puc0
    ppc1: Parallel port at port 3 on puc0
    ppc1: Generic chipset (EPP/NIBBLE) in COMPATIBLE mode
    ppc1: failed to register interrupt handler: 6
    device_attach: ppc1 attach returned 6

Any ideas? How do I construct the hint entries under 9.1 so that

1. it does not want to use the interrupt (which made it attach under 7.4)
2. it takes the flags 0x2F as it did before.

I have also never understood if ppc itself needs to attach to the irq as well (I thought this all would be handled by puc).
Thanks,
-Andre