From: Scott Mitchell
To: dillama
Cc: freebsd-questions@FreeBSD.ORG
Date: Sun, 14 Apr 2002 21:33:24 +0100
Subject: Re: What does nodev actually do?

On Sun, Apr 14, 2002 at 01:39:15PM -0400, dillama wrote:
>
> Can anyone explain what the "nodev" option in mounting a drive does? How
> does it make things more secure (according to the handbook)?

It tells the system to ignore any files on the mounted drive that claim to
be 'device nodes' -- the special files (typically found in /dev) that give
access to the physical hardware on your machine.

Specifying 'nodev' prevents someone from mounting a filesystem containing a
world-writable disk device node, then using that to write random data all
over your disks, for example. I'm not sure if that would work even without
'nodev' though; anyone know if I could just construct a UFS floppy
containing device nodes, mount it as myself, then use it for evil? Or would
I have to mount it as root?

Probably no harm in using 'nodev' on any filesystem apart from your root
partition (you need those devices in /dev :-), unless there's a specific
reason to be using devices on some other filesystem.

	Scott

-- 
===========================================================================
Scott Mitchell          | PGP Key ID | "Eagles may soar, but weasels
Cambridge, England      | 0x54B171B9 |  don't get sucked into jet engines"
scott.mitchell@mail.com | 0xAA775B8B |      -- Anon
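
One way to check a system against the advice in the reply above, as an added example that is not part of the original message: a shell function that reads an fstab-format table and lists the mount points, other than root, that do not set 'nodev'. The sample table, its device names and the function names are constructed for illustration.

```shell
#!/bin/sh
# audit_nodev: read an fstab-format table on stdin and print every mount
# point that could take 'nodev' but does not set it.
audit_nodev() {
    awk '
        $1 ~ /^#/ || NF < 4 { next }   # comments and blank or short lines
        $3 == "swap"        { next }   # swap has no mount point
        $3 == "procfs"      { next }   # pseudo-filesystem, not disk-backed
        $2 == "/"           { next }   # root holds /dev, so it needs device nodes
        {
            # Compare whole option names so a substring cannot match.
            n = split($4, opts, ",")
            found = 0
            for (i = 1; i <= n; i++)
                if (opts[i] == "nodev") found = 1
            if (!found) print $2
        }
    '
}

# Constructed sample table (not taken from any real machine).
sample_fstab() {
    cat <<'EOF'
# Device        Mountpoint  FStype  Options           Dump  Pass#
/dev/ad0s1b     none        swap    sw                0     0
/dev/ad0s1a     /           ufs     rw                1     1
/dev/ad0s1e     /tmp        ufs     rw,nodev,nosuid   2     2
/dev/ad0s1f     /usr        ufs     rw                2     2
/dev/ad0s1g     /home       ufs     rw,nosuid         2     2
/dev/fd0        /floppy     ufs     rw,noauto,nodev   0     0
/dev/acd0c      /cdrom      cd9660  ro,noauto         0     0
proc            /proc       procfs  rw                0     0
EOF
}

# Report the sample's mount points that are missing 'nodev'.
sample_fstab | audit_nodev
```

To check a real table, feed it on stdin: `audit_nodev < /etc/fstab`.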