Date: Sun, 31 May 1998 20:49:50 +0000 (GMT)
From: Terry Lambert <tlambert@primenet.com>
To: phk@critter.freebsd.dk (Poul-Henning Kamp)
Cc: tlambert@primenet.com, julian@whistle.com, current@FreeBSD.ORG
Subject: Re: I see one major problem with DEVFS...
Message-ID: <199805312049.NAA12752@usr06.primenet.com>
In-Reply-To: <3354.896616697@critter.freebsd.dk> from "Poul-Henning Kamp" at May 31, 98 02:11:37 pm

> >If a device is removed from a chroot environment, it should be impossible
> >to recreate it.
> >
> >The reasoning should be obvious.
>
> But the argument is nonetheless badly flawed.
>
> This should be done by disallowing mknods by chrooted processes if
> such security is desired.

If you disallow all mknods by all processes, then they will be
disallowed by chrooted processes, which are a subset of the set
of all processes. 8-).

The mknod code should go away for anything but named pipes; and
since FreeBSD has mkfifo for that case, it should go away, period.

If you want a node that is already there, but want it by a different
name, then you should use "ln" or "link(2)". That's the method, as
I understand Julian's explanation of the security model.

Maybe it's time to document the security model, critique it, then
refine it, then implement to the documentation.

Terry Lambert
terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message