From owner-freebsd-hackers Tue Sep 21 13:43:46 1999 Delivered-To: freebsd-hackers@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 7BBE915CEA for ; Tue, 21 Sep 1999 13:41:07 -0700 (PDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id OAA02166; Tue, 21 Sep 1999 14:41:06 -0600 (MDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id OAA27457; Tue, 21 Sep 1999 14:40:38 -0600 (MDT) Message-Id: <199909212040.OAA27457@harmony.village.org> To: John-Mark Gurney Subject: Re: what is devfs? Cc: FreeBSD Hackers List In-reply-to: Your message of "Tue, 21 Sep 1999 00:00:09 PDT." <19990921000009.54622@hydrogen.fircrest.net> References: <19990921000009.54622@hydrogen.fircrest.net> <19990920231629.26284@hydrogen.fircrest.net> Date: Tue, 21 Sep 1999 14:40:38 -0600 From: Warner Losh Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Devices must failsafe from a security point of view in the absense of a devfsd. Otherwise there will extreme opposition from the security officer. This means 0600 or more restrictive permissions. While it doesn't happen often, it must be designed for. Otherwise you've replaced a secure, predictible system with an insecure one, which is not acceptible at all in the base FreeBSD product. How permissions are saved, devices are given out for use I don't care too much about so long as it is secure. In general, it is very hard to secure a system where things aren't predictable. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message