From owner-freebsd-hackers Tue Sep 21 16:13:59 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from xylan.com (postal.xylan.com [208.8.0.248]) by hub.freebsd.org (Postfix) with ESMTP id 5150514F89 for ; Tue, 21 Sep 1999 16:13:57 -0700 (PDT) (envelope-from wes@softweyr.com)
Received: from mailhub.xylan.com by xylan.com (8.8.7/SMI-SVR4 (xylan-mgw 2.2 [OUT])) id QAA13486; Tue, 21 Sep 1999 16:13:15 -0700 (PDT)
Received: from omni.xylan.com by mailhub.xylan.com (SMI-8.6/SMI-SVR4 (mailhub 2.1 [HUB])) id QAA26909; Tue, 21 Sep 1999 16:00:20 -0700
Received: from softweyr.com (dyn4.utah.xylan.com) by omni.xylan.com (4.1/SMI-4.1 (xylan engr [SPOOL])) id AA28977; Tue, 21 Sep 99 16:13:13 PDT
Message-Id: <37E81109.E7612259@softweyr.com>
Date: Tue, 21 Sep 1999 17:13:13 -0600
From: Wes Peters
Organization: Softweyr LLC
X-Mailer: Mozilla 4.5 [en] (X11; U; FreeBSD 3.1-RELEASE i386)
X-Accept-Language: en
Mime-Version: 1.0
To: Warner Losh
Cc: John-Mark Gurney , FreeBSD Hackers List
Subject: Re: what is devfs?
References: <19990921000009.54622@hydrogen.fircrest.net> <19990920231629.26284@hydrogen.fircrest.net> <199909212040.OAA27457@harmony.village.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Warner Losh wrote:
>
> Devices must failsafe from a security point of view in the absence of
> a devfsd. Otherwise there will be extreme opposition from the security
> officer. This means 0600 or more restrictive permissions. While it
> doesn't happen often, it must be designed for. Otherwise you've
> replaced a secure, predictable system with an insecure one, which is
> not acceptable at all in the base FreeBSD product.
>
> How permissions are saved, devices are given out for use I don't care
> too much about so long as it is secure.
>
> In general, it is very hard to secure a system where things aren't
> predictable.

Is there any possibility of creating a database of devfs perms that gets
loaded into kernel-accessible data space by the loader before boot? Once
the system is up, devfsd could take over, monitoring and updating the
state of devfs and this database, and the perms would come up as they
were last set, modulo the cycle time of devfsd.

--
"Where am I, and what am I doing in this handbasket?"

Wes Peters                                                 Softweyr LLC
wes@softweyr.com                                   http://softweyr.com/
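
Added example, not part of the original message and not FreeBSD code: a user-space C model of the fail-safe lookup discussed in this thread, where a saved-permissions table stands in for the loader-provided database and anything missing or malformed comes up as 0600. The "name mode" text format, the sample entries, and the names FAILSAFE_MODE, parse_mode and devfs_initial_mode are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

#define FAILSAFE_MODE 0600   /* default when nothing trustworthy is known */

/* Constructed sample database: one "name mode" entry per line. */
static const char sample_db[] =
    "null 0666\n"
    "ttyd0 0660\n"
    "da0 0640\n"
    "kmem 9999\n"     /* malformed: not an octal number */
    "cuaa0 04666\n";  /* rejected: carries bits outside rwxrwxrwx */

/* Accept only a complete octal string holding permission bits alone. */
static int parse_mode(const char *s, mode_t *out) {
    char *end;
    unsigned long v = strtoul(s, &end, 8);
    if (end == s || *end != '\0' || v > 0777) return -1;
    *out = (mode_t)v;
    return 0;
}

/* Initial mode for dev: the saved value if valid, otherwise fail closed. */
mode_t devfs_initial_mode(const char *db, const char *dev) {
    char line[64], name[32], mode[16];
    mode_t m;
    const char *p = db;                 /* NULL models "no database loaded" */
    while (p != NULL && *p != '\0') {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        if (len < sizeof(line)) {       /* overlong lines are ignored */
            memcpy(line, p, len);
            line[len] = '\0';
            if (sscanf(line, "%31s %15s", name, mode) == 2 && strcmp(name, dev) == 0)
                return parse_mode(mode, &m) == 0 ? m : FAILSAFE_MODE;
        }
        p = nl ? nl + 1 : NULL;
    }
    return FAILSAFE_MODE;               /* unknown device or empty database */
}

int main(void) {
    printf("ttyd0=%04o kmem=%04o bpf0=%04o\n",
           (unsigned)devfs_initial_mode(sample_db, "ttyd0"),
           (unsigned)devfs_initial_mode(sample_db, "kmem"),
           (unsigned)devfs_initial_mode(sample_db, "bpf0"));
    return 0;
}
```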