Use umask disk_umask=037 for all (writable) disks. Use umask
tape_umask=017 for all tapes. This has a significant effect only for ft and st (they were created with the wrong umask 002 and then chmod'ed to mode 640; now they are created with mode 660). Chmod the st control devices (mode 3) to 600. These need to be more secure than the st i/o devices, but were less secure. Use the default umask of 077 for joy0. 002 gave mode 664, which is insecure. Use umask 037 for ch*. Cosmetic. Removed redundant chmod's. Sorted case lists for disks.
parent
44196d615f
commit
6a188c276a
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=13667
52
etc/MAKEDEV
52
etc/MAKEDEV
@ -93,7 +93,7 @@
|
||||
# isdn* ISDN devices
|
||||
# labpc* National Instrument's Lab-PC and LAB-PC+
|
||||
#
|
||||
# $Id: MAKEDEV,v 1.109 1995/12/03 17:26:21 markm Exp $
|
||||
# $Id: MAKEDEV,v 1.110 1995/12/31 09:30:30 joerg Exp $
|
||||
#
|
||||
|
||||
PATH=/sbin:/bin/:/usr/bin:/usr/sbin:
|
||||
@ -154,6 +154,10 @@ dkrawslice=1
|
||||
# Control bit for SCSI
|
||||
scsictl=536870912
|
||||
|
||||
# Standard umasks
|
||||
disk_umask=037 # allow group operator to read disks
|
||||
tape_umask=017 # allow group operator to read/write tapes
|
||||
|
||||
for i
|
||||
do
|
||||
case $i in
|
||||
@ -209,7 +213,7 @@ mach-4)
|
||||
|
||||
# Create device files for new Archive/Wangtek QIC-02 tape driver (vak)
|
||||
wt*)
|
||||
umask 7
|
||||
umask $tape_umask
|
||||
u=`expr $i : '..\(.*\)'`
|
||||
if [ x$u = x ]; then u=0; fi
|
||||
rm -f r[Ww]t$u nr[Ww]t$u r[Ww]t$u[a-f] nr[Ww]t$u[a-f]
|
||||
@ -232,13 +236,13 @@ wt*)
|
||||
;;
|
||||
|
||||
# Individual slices.
|
||||
sd*s*|vn*s*|wd*s*|od*s*)
|
||||
umask 37
|
||||
od*s*|sd*s*|vn*s*|wd*s*)
|
||||
umask $disk_umask
|
||||
case $i in
|
||||
od*s*) name=od; blk=20; chr=70;;
|
||||
sd*s*) name=sd; blk=4; chr=13;;
|
||||
wd*s*) name=wd; blk=0; chr=3;;
|
||||
vn*s*) name=vn; blk=15; chr=43;;
|
||||
od*s*) name=od; blk=20; chr=70;;
|
||||
esac
|
||||
unit=`expr $i : '..\([0-9]*\)s'`
|
||||
slice=`expr $i : '..[0-9]*s\([0-9]*\)'`
|
||||
@ -291,7 +295,7 @@ sd*s*|vn*s*|wd*s*|od*s*)
|
||||
;;
|
||||
|
||||
fd*)
|
||||
umask 2
|
||||
umask $disk_umask
|
||||
unit=`expr $i : '..\(.*\)'`
|
||||
name=fd; blk=2; chr=9
|
||||
rm -f $name$unit* r$name$unit*
|
||||
@ -366,7 +370,6 @@ fd*)
|
||||
# ln r${name}${unit}.360 r${name}${unit}48ds9
|
||||
|
||||
chgrp operator ${name}${unit}* r${name}${unit}*
|
||||
chmod 640 ${name}${unit}* r${name}${unit}*
|
||||
;;
|
||||
*)
|
||||
echo bad unit for disk in: $i
|
||||
@ -375,9 +378,8 @@ fd*)
|
||||
umask 77
|
||||
;;
|
||||
|
||||
|
||||
ft*)
|
||||
umask 2
|
||||
umask $tape_umask
|
||||
unit=`expr $i : '..\(.*\)'`
|
||||
name=ft; blk=2; chr=9
|
||||
rm -f $name$unit* r$name$unit*
|
||||
@ -388,7 +390,6 @@ ft*)
|
||||
ln ${name}${unit} ${name}${unit}a
|
||||
ln r${name}${unit} r${name}${unit}a
|
||||
chgrp operator ${name}${unit}* r${name}${unit}*
|
||||
chmod 640 ${name}${unit}* r${name}${unit}*
|
||||
;;
|
||||
*)
|
||||
echo bad unit for tape in: $i
|
||||
@ -397,13 +398,13 @@ ft*)
|
||||
umask 77
|
||||
;;
|
||||
|
||||
sd*|vn*|wd*|od*)
|
||||
umask 37
|
||||
od*|sd*|vn*|wd*)
|
||||
umask $disk_umask
|
||||
case $i in
|
||||
sd*) name=sd; blk=4; chr=13;;
|
||||
wd*) name=wd; blk=0; chr=3;;
|
||||
vn*) name=vn; blk=15; chr=43;;
|
||||
od*) name=od; blk=20; chr=70;;
|
||||
sd*) name=sd; blk=4; chr=13;;
|
||||
vn*) name=vn; blk=15; chr=43;;
|
||||
wd*) name=wd; blk=0; chr=3;;
|
||||
esac
|
||||
unit=`expr $i : '..\(.*\)'`
|
||||
case $unit in
|
||||
@ -413,7 +414,7 @@ sd*|vn*|wd*|od*)
|
||||
sh MAKEDEV $name$unit$slicepartname
|
||||
done
|
||||
case $name in
|
||||
sd|od)
|
||||
od|sd)
|
||||
rm -f r${name}${unit}.ctl
|
||||
mknod r${name}${unit}.ctl c $chr `expr $unit '*' 8 + $scsictl `
|
||||
chmod 600 r${name}${unit}.ctl
|
||||
@ -444,7 +445,6 @@ worm*)
|
||||
mknod r${name}${unit} c $chr ${unit}
|
||||
rm -f r${name}${unit}.ctl
|
||||
mknod r${name}${unit}.ctl c $chr `expr $unit + $scsictl `
|
||||
chmod 600 r${name}${unit}.ctl
|
||||
;;
|
||||
|
||||
# SCSI processor type driver
|
||||
@ -460,7 +460,6 @@ pt[0-9]*)
|
||||
mknod ${name}${unit} c $chr $unit
|
||||
rm -f ${name}${unit}.ctl
|
||||
mknod ${name}${unit}.ctl c $chr `expr $unit + $scsictl `
|
||||
chmod 600 ${name}${unit}.ctl
|
||||
;;
|
||||
|
||||
pty*)
|
||||
@ -500,7 +499,7 @@ pty*)
|
||||
;;
|
||||
|
||||
st*)
|
||||
umask 2
|
||||
umask $tape_umask
|
||||
unit=`expr $i : '..\(.*\)'`
|
||||
chr=14
|
||||
|
||||
@ -524,10 +523,7 @@ st*)
|
||||
nrst${unit}.${mode} \
|
||||
erst${unit}.${mode} \
|
||||
st${unit}ctl.${mode}
|
||||
chmod 640 rst${unit}.${mode}\
|
||||
nrst${unit}.${mode} \
|
||||
erst${unit}.${mode}
|
||||
chmod 660 st${unit}ctl.${mode}
|
||||
chmod 600 st${unit}ctl.${mode}
|
||||
done
|
||||
rm -f rst${unit}.ctl
|
||||
mknod rst${unit}.ctl c $chr `expr $unit '*' 16 + $scsictl `
|
||||
@ -545,7 +541,7 @@ st*)
|
||||
;;
|
||||
|
||||
ch*)
|
||||
umask 2
|
||||
umask 37
|
||||
unit=`expr $i : '..\(.*\)'`
|
||||
case $i in
|
||||
ch*) name=ch; chr=17;;
|
||||
@ -555,7 +551,6 @@ ch*)
|
||||
0|1|2|3|4|5|6)
|
||||
mknod ${name}${unit} c $chr `expr $unit '*' 16 + 0`
|
||||
chgrp operator ${name}${unit}
|
||||
chmod 640 ${name}${unit}
|
||||
rm -f r${name}${unit}.ctl
|
||||
mknod r${name}${unit}.ctl c $chr `expr $unit '*' 16 + $scsictl `
|
||||
chmod 600 r${name}${unit}.ctl
|
||||
@ -568,7 +563,7 @@ ch*)
|
||||
;;
|
||||
|
||||
cd*|mcd*|scd*)
|
||||
umask 2
|
||||
umask $disk_umask
|
||||
case $i in
|
||||
cd*) unit=`expr $i : '..\(.*\)'`; name=cd; blk=6; chr=15;;
|
||||
mcd*) unit=`expr $i : '...\(.*\)'`; name=mcd; blk=7; chr=29;;
|
||||
@ -582,7 +577,6 @@ cd*|mcd*|scd*)
|
||||
mknod r${name}${unit}a c $chr `expr $unit '*' 8 + 0`
|
||||
mknod r${name}${unit}c c $chr `expr $unit '*' 8 + 2`
|
||||
chgrp operator ${name}${unit}[a-h] r${name}${unit}[a-h]
|
||||
chmod 640 ${name}${unit}[a-h] r${name}${unit}[a-h]
|
||||
case $name in
|
||||
cd)
|
||||
rm -f r${name}${unit}.ctl
|
||||
@ -959,7 +953,7 @@ gsc*)
|
||||
apm*)
|
||||
rm -f apm0
|
||||
mknod apm0 c 39 0
|
||||
chown root.wheel apm0
|
||||
chown root.operator apm0
|
||||
chmod 660 apm0
|
||||
;;
|
||||
|
||||
@ -986,7 +980,6 @@ cronyx)
|
||||
;;
|
||||
|
||||
joy)
|
||||
umask 2
|
||||
rm -f joy0 joy1
|
||||
mknod joy0 c 51 0
|
||||
mknod joy1 c 51 1
|
||||
@ -1004,6 +997,7 @@ meteor?)
|
||||
unit=`expr $i : 'meteor\(.*\)'`
|
||||
rm -f meteor$unit
|
||||
mknod meteor$unit c 67 $unit
|
||||
chown root.wheel meteor$unit
|
||||
chmod 444 meteor$unit
|
||||
;;
|
||||
|
||||
|
@ -93,7 +93,7 @@
|
||||
# isdn* ISDN devices
|
||||
# labpc* National Instrument's Lab-PC and LAB-PC+
|
||||
#
|
||||
# $Id: MAKEDEV,v 1.109 1995/12/03 17:26:21 markm Exp $
|
||||
# $Id: MAKEDEV,v 1.110 1995/12/31 09:30:30 joerg Exp $
|
||||
#
|
||||
|
||||
PATH=/sbin:/bin/:/usr/bin:/usr/sbin:
|
||||
@ -154,6 +154,10 @@ dkrawslice=1
|
||||
# Control bit for SCSI
|
||||
scsictl=536870912
|
||||
|
||||
# Standard umasks
|
||||
disk_umask=037 # allow group operator to read disks
|
||||
tape_umask=017 # allow group operator to read/write tapes
|
||||
|
||||
for i
|
||||
do
|
||||
case $i in
|
||||
@ -209,7 +213,7 @@ mach-4)
|
||||
|
||||
# Create device files for new Archive/Wangtek QIC-02 tape driver (vak)
|
||||
wt*)
|
||||
umask 7
|
||||
umask $tape_umask
|
||||
u=`expr $i : '..\(.*\)'`
|
||||
if [ x$u = x ]; then u=0; fi
|
||||
rm -f r[Ww]t$u nr[Ww]t$u r[Ww]t$u[a-f] nr[Ww]t$u[a-f]
|
||||
@ -232,13 +236,13 @@ wt*)
|
||||
;;
|
||||
|
||||
# Individual slices.
|
||||
sd*s*|vn*s*|wd*s*|od*s*)
|
||||
umask 37
|
||||
od*s*|sd*s*|vn*s*|wd*s*)
|
||||
umask $disk_umask
|
||||
case $i in
|
||||
od*s*) name=od; blk=20; chr=70;;
|
||||
sd*s*) name=sd; blk=4; chr=13;;
|
||||
wd*s*) name=wd; blk=0; chr=3;;
|
||||
vn*s*) name=vn; blk=15; chr=43;;
|
||||
od*s*) name=od; blk=20; chr=70;;
|
||||
esac
|
||||
unit=`expr $i : '..\([0-9]*\)s'`
|
||||
slice=`expr $i : '..[0-9]*s\([0-9]*\)'`
|
||||
@ -291,7 +295,7 @@ sd*s*|vn*s*|wd*s*|od*s*)
|
||||
;;
|
||||
|
||||
fd*)
|
||||
umask 2
|
||||
umask $disk_umask
|
||||
unit=`expr $i : '..\(.*\)'`
|
||||
name=fd; blk=2; chr=9
|
||||
rm -f $name$unit* r$name$unit*
|
||||
@ -366,7 +370,6 @@ fd*)
|
||||
# ln r${name}${unit}.360 r${name}${unit}48ds9
|
||||
|
||||
chgrp operator ${name}${unit}* r${name}${unit}*
|
||||
chmod 640 ${name}${unit}* r${name}${unit}*
|
||||
;;
|
||||
*)
|
||||
echo bad unit for disk in: $i
|
||||
@ -375,9 +378,8 @@ fd*)
|
||||
umask 77
|
||||
;;
|
||||
|
||||
|
||||
ft*)
|
||||
umask 2
|
||||
umask $tape_umask
|
||||
unit=`expr $i : '..\(.*\)'`
|
||||
name=ft; blk=2; chr=9
|
||||
rm -f $name$unit* r$name$unit*
|
||||
@ -388,7 +390,6 @@ ft*)
|
||||
ln ${name}${unit} ${name}${unit}a
|
||||
ln r${name}${unit} r${name}${unit}a
|
||||
chgrp operator ${name}${unit}* r${name}${unit}*
|
||||
chmod 640 ${name}${unit}* r${name}${unit}*
|
||||
;;
|
||||
*)
|
||||
echo bad unit for tape in: $i
|
||||
@ -397,13 +398,13 @@ ft*)
|
||||
umask 77
|
||||
;;
|
||||
|
||||
sd*|vn*|wd*|od*)
|
||||
umask 37
|
||||
od*|sd*|vn*|wd*)
|
||||
umask $disk_umask
|
||||
case $i in
|
||||
sd*) name=sd; blk=4; chr=13;;
|
||||
wd*) name=wd; blk=0; chr=3;;
|
||||
vn*) name=vn; blk=15; chr=43;;
|
||||
od*) name=od; blk=20; chr=70;;
|
||||
sd*) name=sd; blk=4; chr=13;;
|
||||
vn*) name=vn; blk=15; chr=43;;
|
||||
wd*) name=wd; blk=0; chr=3;;
|
||||
esac
|
||||
unit=`expr $i : '..\(.*\)'`
|
||||
case $unit in
|
||||
@ -413,7 +414,7 @@ sd*|vn*|wd*|od*)
|
||||
sh MAKEDEV $name$unit$slicepartname
|
||||
done
|
||||
case $name in
|
||||
sd|od)
|
||||
od|sd)
|
||||
rm -f r${name}${unit}.ctl
|
||||
mknod r${name}${unit}.ctl c $chr `expr $unit '*' 8 + $scsictl `
|
||||
chmod 600 r${name}${unit}.ctl
|
||||
@ -444,7 +445,6 @@ worm*)
|
||||
mknod r${name}${unit} c $chr ${unit}
|
||||
rm -f r${name}${unit}.ctl
|
||||
mknod r${name}${unit}.ctl c $chr `expr $unit + $scsictl `
|
||||
chmod 600 r${name}${unit}.ctl
|
||||
;;
|
||||
|
||||
# SCSI processor type driver
|
||||
@ -460,7 +460,6 @@ pt[0-9]*)
|
||||
mknod ${name}${unit} c $chr $unit
|
||||
rm -f ${name}${unit}.ctl
|
||||
mknod ${name}${unit}.ctl c $chr `expr $unit + $scsictl `
|
||||
chmod 600 ${name}${unit}.ctl
|
||||
;;
|
||||
|
||||
pty*)
|
||||
@ -500,7 +499,7 @@ pty*)
|
||||
;;
|
||||
|
||||
st*)
|
||||
umask 2
|
||||
umask $tape_umask
|
||||
unit=`expr $i : '..\(.*\)'`
|
||||
chr=14
|
||||
|
||||
@ -524,10 +523,7 @@ st*)
|
||||
nrst${unit}.${mode} \
|
||||
erst${unit}.${mode} \
|
||||
st${unit}ctl.${mode}
|
||||
chmod 640 rst${unit}.${mode}\
|
||||
nrst${unit}.${mode} \
|
||||
erst${unit}.${mode}
|
||||
chmod 660 st${unit}ctl.${mode}
|
||||
chmod 600 st${unit}ctl.${mode}
|
||||
done
|
||||
rm -f rst${unit}.ctl
|
||||
mknod rst${unit}.ctl c $chr `expr $unit '*' 16 + $scsictl `
|
||||
@ -545,7 +541,7 @@ st*)
|
||||
;;
|
||||
|
||||
ch*)
|
||||
umask 2
|
||||
umask 37
|
||||
unit=`expr $i : '..\(.*\)'`
|
||||
case $i in
|
||||
ch*) name=ch; chr=17;;
|
||||
@ -555,7 +551,6 @@ ch*)
|
||||
0|1|2|3|4|5|6)
|
||||
mknod ${name}${unit} c $chr `expr $unit '*' 16 + 0`
|
||||
chgrp operator ${name}${unit}
|
||||
chmod 640 ${name}${unit}
|
||||
rm -f r${name}${unit}.ctl
|
||||
mknod r${name}${unit}.ctl c $chr `expr $unit '*' 16 + $scsictl `
|
||||
chmod 600 r${name}${unit}.ctl
|
||||
@ -568,7 +563,7 @@ ch*)
|
||||
;;
|
||||
|
||||
cd*|mcd*|scd*)
|
||||
umask 2
|
||||
umask $disk_umask
|
||||
case $i in
|
||||
cd*) unit=`expr $i : '..\(.*\)'`; name=cd; blk=6; chr=15;;
|
||||
mcd*) unit=`expr $i : '...\(.*\)'`; name=mcd; blk=7; chr=29;;
|
||||
@ -582,7 +577,6 @@ cd*|mcd*|scd*)
|
||||
mknod r${name}${unit}a c $chr `expr $unit '*' 8 + 0`
|
||||
mknod r${name}${unit}c c $chr `expr $unit '*' 8 + 2`
|
||||
chgrp operator ${name}${unit}[a-h] r${name}${unit}[a-h]
|
||||
chmod 640 ${name}${unit}[a-h] r${name}${unit}[a-h]
|
||||
case $name in
|
||||
cd)
|
||||
rm -f r${name}${unit}.ctl
|
||||
@ -959,7 +953,7 @@ gsc*)
|
||||
apm*)
|
||||
rm -f apm0
|
||||
mknod apm0 c 39 0
|
||||
chown root.wheel apm0
|
||||
chown root.operator apm0
|
||||
chmod 660 apm0
|
||||
;;
|
||||
|
||||
@ -986,7 +980,6 @@ cronyx)
|
||||
;;
|
||||
|
||||
joy)
|
||||
umask 2
|
||||
rm -f joy0 joy1
|
||||
mknod joy0 c 51 0
|
||||
mknod joy1 c 51 1
|
||||
@ -1004,6 +997,7 @@ meteor?)
|
||||
unit=`expr $i : 'meteor\(.*\)'`
|
||||
rm -f meteor$unit
|
||||
mknod meteor$unit c 67 $unit
|
||||
chown root.wheel meteor$unit
|
||||
chmod 444 meteor$unit
|
||||
;;
|
||||
|
||||
|
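Review bot: The SCSI control nodes are still created under the group-permissive umask and only tightened afterwards. In the `od|sd)` and `ch*)` hunks, `mknod r${name}${unit}.ctl` is followed by `chmod 600`, and as far as the visible hunks show it runs under `umask $disk_umask` / `umask 37`, so the node briefly exists with mode 640. This is the same create-then-chmod pattern the commit message calls wrong for ft and st. The `st${unit}ctl.${mode}` nodes in the `st*)` hunk look affected too (660 under `$tape_umask` before the `chmod 600`), though their mknod is outside the visible hunk. Creating the control nodes in a subshell with a strict umask closes the window, e.g. ``(umask 77; mknod r${name}${unit}.ctl c $chr `expr $unit '*' 8 + $scsictl`)``, and `ch*)` could use `umask $disk_umask` instead of the literal `37` so it follows later changes to the variable.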