From 4a3b07160a92741af3cd610f46b1ac52e6df209b Mon Sep 17 00:00:00 2001
From: Tobias Hintze <th@rocklinux.org>
Date: Mon, 2 Aug 2004 09:53:58 +0000
Subject: [PATCH] Tobias Hintze <th@rocklinux.org>: 	fixed
 /etc/devfsd.d/hardware: 	root.user/664 on each /dev/scsi/.*/generic
 allows arbitrary user 	to do arbitrary read/write operations on any disc that
 has 	a generic scsi device (e.g. scsi discs and S-ATA discs). 	this
 patch makes devfsd touch only cdrom related devices and 	implements a
 much safer default. 	MODE and OWNER may be set in /etc/conf/devfs.cdrom

[2004072815592412743] (https://www.rocklinux.net/submaster)



git-svn-id: http://www.rocklinux.org/svn/rock-linux/trunk@3767 c5f82cb5-29bc-0310-9cd0-bff59a50e3bc
---
 package/base/devfsd/cdrom_register.sh   | 30 +++++++++++++++++++++++++
 package/base/devfsd/devfsd.conf         |  4 ++++
 package/base/devfsd/devfsd_hardware.txt |  2 +-
 3 files changed, 35 insertions(+), 1 deletion(-)
 create mode 100644 package/base/devfsd/cdrom_register.sh

diff --git a/package/base/devfsd/cdrom_register.sh b/package/base/devfsd/cdrom_register.sh
new file mode 100644
index 000000000..627d8624c
--- /dev/null
+++ b/package/base/devfsd/cdrom_register.sh
@@ -0,0 +1,30 @@
+#!/bin/sh
+#
+# this script is to be called by devfsd on REGISTER for cd and generic devs.
+#
+# corresponding devfsd.conf line should look this way:
+# REGISTER ^((ide|scsi)/.*)/(cd|generic)$ EXECUTE /usr/lib/devfsd/cdrom_register.sh $mntpnt \1 \3
+#
+# [M] Tobias Hintze <th@rocklinux.org>
+#
+if [ "$#" != "3" ]
+then
+	logger "$0 called with invalid arguments."
+	exit
+fi
+
+# secure default
+MODE=600
+OWNER=root.root
+
+# possible convenience to override MODE and OWNER
+[ -r /etc/conf/devfs.cdrom ] && . /etc/conf/devfs.cdrom
+
+if [ -b "$1/$2/cd" ]
+then
+	# this is a cdrom
+	chown $OWNER "$1/$2/$3"
+	chmod $MODE "$1/$2/$3"
+	logger "permissions for $1/$2/$3 set."
+fi
+
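Review bot: The `chown` and `chmod` results are never checked and the `logger` line reports success unconditionally, so a bad OWNER or MODE value from /etc/conf/devfs.cdrom leaves the node at whatever permissions it already had while syslog says they were set. Chain the three and quote the expansions, `chown "$OWNER" "$1/$2/$3" && chmod "$MODE" "$1/$2/$3" && logger "permissions for $1/$2/$3 set."`, and log a distinct message on failure. The argument-count branch ends in a bare `exit`, which returns logger's status (normally 0); `exit 1` would make the rejected call visible to the caller. Because the override file is sourced, and devfsd presumably runs this script as root, the comment above that line should state that /etc/conf/devfs.cdrom must be root-owned and not writable by anyone else.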
diff --git a/package/base/devfsd/devfsd.conf b/package/base/devfsd/devfsd.conf
index f0c047a69..82552f90d 100644
--- a/package/base/devfsd/devfsd.conf
+++ b/package/base/devfsd/devfsd.conf
@@ -27,6 +27,10 @@ devfsd_postmake()
 	cp -vf $confdir/devfsd.conf.data $root/etc/devfsd.conf
 	mkdir -p $root/etc/devfsd.d
 
+	mkdir -p $root/usr/lib/devfsd
+	cp -vf $confdir/cdrom_register.sh $root/usr/lib/devfsd/
+	chmod 755 $root/usr/lib/devfsd/cdrom_register.sh
+
 	for x in $( cd $confdir ; echo devfsd_*.txt ) ; do
                 y="${x%.txt}"
 		file=/etc/devfsd.d/${y/devfsd_/}
diff --git a/package/base/devfsd/devfsd_hardware.txt b/package/base/devfsd/devfsd_hardware.txt
index 8424c579f..2c12d01a4 100644
--- a/package/base/devfsd/devfsd_hardware.txt
+++ b/package/base/devfsd/devfsd_hardware.txt
@@ -2,7 +2,7 @@
 # cd-rom
 
 # user/group and persmission for the cd and the corespondig generic device
-REGISTER ^(ide|scsi)/host[0-9]+/bus[0-9]+/target[0-9]+/lun[0-9]+/(cd|generic) PERMISSIONS root.users 0664
+REGISTER ^((ide|scsi)/.*)/(cd|generic)$ EXECUTE /usr/lib/devfsd/cdrom_register.sh $mntpnt \1 \3
 
 # handle the historic /dev/cdrom device always pointing to the first CD-ROM
 REGISTER    ^(cdroms/cdrom0)$ 	EXECUTE		ln -s /dev/\1 /dev/cdrom
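Review bot: The new pattern replaces the explicit `host[0-9]+/bus[0-9]+/target[0-9]+/lun[0-9]+` path with `.*`, so anything under ide/ or scsi/ that ends in /cd or /generic is now handed to the script as `\1`, and the decision rests entirely on the script's `-b "$1/$2/cd"` test. Keeping the strict path inside the capture group narrows what reaches the script without changing the fix: `REGISTER ^((ide|scsi)/host[0-9]+/bus[0-9]+/target[0-9]+/lun[0-9]+)/(cd|generic)$ EXECUTE /usr/lib/devfsd/cdrom_register.sh $mntpnt \1 \3`. That test also assumes the cd node already exists when the generic node registers; if the generic driver can register first, the cdrom's generic node would keep its driver default and ignore any override, which is worth confirming. The comment above the rule should say that the default is now 600 root.root and that overrides go in /etc/conf/devfs.cdrom.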