Re: /dev/wsfont permissions (Was: CVS commit: src/sys/dev/wsfont)

[Valery Ushakov <uwe%stderr.spb.ru@localhost>]

On Fri, May 13, 2022 at 02:49:29 +0300, Valery Ushakov wrote:

> On Thu, May 12, 2022 at 23:17:42 +0000, Valeriy E. Ushakov wrote:
> 
> > Module Name:	src
> > Committed By:	uwe
> > Date:		Thu May 12 23:17:42 UTC 2022
> > 
> > Modified Files:
> > 	src/sys/dev/wsfont: wsfontdev.c
> > 
> > Log Message:
> > wsfont(4): WSDISPLAYIO_LDFONT requires device opened for writing.
> 
> /dev/wsfont used to be root:root 0600 and didn't bother to check
> FWRITE in its ioctl code.  macallan@ recently added support for
> listing the loaded fonts (WSDISPLAYIO_LISTFONTS, wsfontload -l).  It
> would make sense to make that available to normal users - it's weird
> to allow them to set the font but not list the available fonts.  But
> that creates a bit of a problem if someone uses new MAKEDEV that
> creates 0644 /dev/wsfont but boots an old kernel that doesn't have the
> FWRITE check.

Any thoughts on this?  The problematic scenario is that the system is
upgraded, new MAKEDEV is run after the upgrade to (re)create the
devices, it creates world readabile /dev/wsfont, and then an old
kernel is booted (which is kinda in the unsupported territory).  That
would allow fonts to be loaded by anyone, exposing whatever bugs are
lurking in wsfont(4) to J. Random User.

Does anyone have a secret devfs project that can be merged in time for
10 by any chance? :)

-uwe