Subject: Re: NetBSD Security Advisory 1999-009
To: matthew green <email@example.com>
From: Simon Burge <firstname.lastname@example.org>
Date: 04/21/1999 11:39:15
matthew green wrote:
> NetBSD Security Advisory 1999-009
> Technical Details
> The SVR4 /dev/wabi character device special file, usually created
> below the /emul/svr4 hierarchy, is currently supposed to be a synonym
> for the /dev/null device special file.
> Originally developed on the sparc port of NetBSD, the SVR4_MAKEDEV
> shell script creates this file with a major number of 3 and a minor
> number of 2, setting these properties equivalent to those of the
> /dev/null device special file on that platform. On the i386 port of
> NetBSD, the character device major number 3 is associated with the
> wd(4) driver, which supports IDE (and compatible) disks, and whose
> minor number 2 denotes the NetBSD portion of the first such disk
> configured by the systems; this corresponds to the special device file
> /dev/rwd0c in the base distribution. As the /dev/wabi special device
> file is created with world read and write permissions, a regular user
> may read and write any data stored on that portion of the disk.
As a "Thought For The Day(tm)", could/should MAKEDEV scripts be
autobuilt from conf.c and other sources of information? I guess
there's scope for this type of problem to reappear in the future...