Message-ID: <19990920180741.39841@hydrogen.fircrest.net>
Date: Mon, 20 Sep 1999 18:07:41 -0700
From: John-Mark Gurney
To: Julian Elischer
Cc: "Matthew N. Dodd", Chuck Robey, Wayne Cuddy, FreeBSD Hackers List
Subject: Re: what is devfs?
References: <19990920160107.33337@hydrogen.fircrest.net>
In-Reply-To: ; from Julian Elischer on Mon, Sep 20, 1999 at 04:35:47PM -0700
Organization: Cu Networking

Julian Elischer scribbled this message on Sep 20:
> On Mon, 20 Sep 1999, John-Mark Gurney wrote:
> > one thing that HAS to happen is the fact that some devices CAN'T "appear"
> > until the devfsd says it can, unless we force a very restrictive permission
> > on all devices (600 or something similar) otherwise we will have security
> > holes up the wazoo... don't forget about this... a devfsd daemon is
> > definitely the way to go...
>
> While I sharply disagree, with your assertion,

what part exactly? are you saying that we should allow devices to appear
that are insecure??
we have two possible ways of dealing with it:
	a) a daemon "lets" a device appear w/ certain permissions
	b) a device appears w/ 0600 root:wheel, and the daemon sets the device
	   to proper owner/permissions

any other way introduces the problem where you stick in a serial card that
contains a sensitive serial console, and someone can "attach" to the
device... or many other possible problems...

-- 
  John-Mark Gurney                              Voice: +1 408 975 9651
  Cu Networking

  "The soul contains in itself the event that shall presently befall it.
   The event is only the actualizing of its thought." -- Ralph Waldo Emerson
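
Option (b) from the message above, sketched as an added example (not code from the post or from FreeBSD): every node starts 0600 root:wheel, and a user-space helper widens access only for names listed in its policy. The rule table, numeric ids, device names and function names are assumptions made for illustration.

```c
#include <fnmatch.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical rule: glob on the node name -> final owner, group, mode. */
struct dev_rule { const char *glob; uid_t uid; gid_t gid; mode_t mode; };

/* Constructed sample policy; names and numeric ids are placeholders. */
static const struct dev_rule rules[] = {
    { "null",  0,  0,  0666 },
    { "ttyv*", 0,  4,  0620 },
    { "cuaa0", 66, 68, 0660 },   /* only the known modem port is opened up */
};
/* State every node is created in, and keeps when no rule matches. */
static const struct dev_rule locked = { "*", 0, 0, 0600 };

/* First match wins; an unlisted device stays locked (fail closed). */
const struct dev_rule *resolve_rule(const char *name)
{
    for (size_t i = 0; i < sizeof rules / sizeof rules[0]; i++)
        if (fnmatch(rules[i].glob, name, 0) == 0)
            return &rules[i];
    return &locked;
}

/* Apply the policy to a node created 0600 root:wheel; 0 on success, -1 on refusal or error. */
int apply_rule(const char *path, const char *name)
{
    const struct dev_rule *r = resolve_rule(name);
    struct stat st;

    if (lstat(path, &st) != 0 || (!S_ISCHR(st.st_mode) && !S_ISBLK(st.st_mode)))
        return -1;               /* refuse symlinks, plain files, directories */
    /* Owner first, mode second: the wider mode is never in effect
     * while the node still carries the creation-time owner and group. */
    if (chown(path, r->uid, r->gid) != 0)
        return -1;
    return chmod(path, r->mode);
}

int main(void)
{
    const char *seen[] = { "ttyv0", "cuaa0", "cuaa4" };  /* cuaa4: newly added card */
    for (size_t i = 0; i < 3; i++)
        printf("%s -> %04o\n", seen[i], (unsigned)resolve_rule(seen[i])->mode);
    return 0;
}
```

A port on a newly inserted serial card (cuaa4 in the sample) matches no rule and therefore stays 0600 root:wheel until an administrator lists it.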