Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 20 Sep 1999 18:07:41 -0700
From:      John-Mark Gurney <gurney_j@efn.org>
To:        Julian Elischer <julian@whistle.com>
Cc:        "Matthew N. Dodd" <winter@jurai.net>, Chuck Robey <chuckr@mat.net>, Wayne Cuddy <wayne@crb-web.com>, FreeBSD Hackers List <freebsd-hackers@FreeBSD.ORG>
Subject:   Re: what is devfs?
Message-ID:  <19990920180741.39841@hydrogen.fircrest.net>
In-Reply-To: <Pine.BSF.3.95.990920163316.6478C-100000@current1.whistle.com>; from Julian Elischer on Mon, Sep 20, 1999 at 04:35:47PM -0700
References:  <19990920160107.33337@hydrogen.fircrest.net> <Pine.BSF.3.95.990920163316.6478C-100000@current1.whistle.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
Julian Elischer scribbled this message on Sep 20:
> On Mon, 20 Sep 1999, John-Mark Gurney wrote:
> > one thing that HAS to happen is the fast that some devices CAN'T "appeare"
> > until the devfsd says it can, unless we force a very restrictive permision
> > on all devices (600 or something similar) otherwise we will have security
> > wholes up the wazoo... don't forget about this... a devfsd daemon is
> > definately the way to go...
> 
> While I sharply disagree, with your assertion, 

what part exactly? are you saying that we should allow devices to appear
that are insecure??

we have two possible ways of dealing with it:
	a)	a daemon "lets" a device appear w/ certain permisions
	b)	a device appears w/ 0600 root:wheel, and the daemon sets
		the device to proper owner/permissions

any other way introduces the problem where you stick in a serial card
that contains a sensitive serial console, and someone can "attach" to
the device... or many other possible problems...

-- 
  John-Mark Gurney				Voice: +1 408 975 9651
  Cu Networking					  

  "The soul contains in itself the event that shall presently befall it.
  The event is only the actualizing of its thought." -- Ralph Waldo Emerson


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990920180741.39841>