On 02/01/2025 11:15, Zhenlei Huang wrote:
On Jan 2, 2025, at 5:05 PM, Dag-Erling Smørgrav <[email protected]> wrote:
Zhenlei Huang <[email protected]> writes:
Miroslav Lachman <[email protected]> writes:
Previously there were about 25 files with permission r-xr-xr-x and
871 with other permissions (mainly -r--r--r--).
But on the FreeBSD 14.2 (upgraded by freebsd-update), there are 809
files with r-xr-xr-x permission and only 66 with other permissions
(63 with r--r--r--)
Yes, indeed. The permission of kernel modules was changed from 555 to
KMODMODE ( NOBINMODE, 444 ). See https://reviews.freebsd.org/D42768
for more context.
And yet the observed change is the opposite.
Looking at a 14.2 kernel tarball, the modules are not executable, but on
a 14.2 system updated from an earlier release using freebsd-update, they
are.
I also observed this. `freebsd-upgrade IDS` reported the issue and I manually
fixed the *wrong* permissions.
Thanks to all who replied. I upgraded another machine from 13.3 to 14.2
and checked everything before and after upgrade. If the modules were
read only in 13.3, they are read only after the upgrade. So the ones
that are executable were executable before the upgrade too and the
upgrade did not "fix" the permissions on them.
I will manually set 0444 on modules on all machines.
Kind regards
Miroslav Lachman
