Date: Fri, 01 Jan 1999 20:12:52 -0700 From: Warner Losh <imp@village.org> To: Mike Smith <mike@smith.net.au> Cc: freebsd-arch@FreeBSD.ORG Subject: Re: DEVFS, the time has come... Message-ID: <199901020312.UAA09044@harmony.village.org> In-Reply-To: Your message of "Fri, 01 Jan 1999 17:16:09 PST." <199901020116.RAA03885@dingo.cdrom.com> References: <199901020116.RAA03885@dingo.cdrom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
What we absolutely must not do is to create devices that will cause the security of the system to be compromised. This would be absolutely disasterous from a PR point of view. In message <199901020116.RAA03885@dingo.cdrom.com> Mike Smith writes: > Personally, I think a persistent DEVFS would be "better" than a > non-persistent DEVFS. But it's been quite clear for some time that > persistence is something that can be built onto a working DEVFS, so a > non-persistent DEVFS is something that we definitely want to start with. I think this is a good bottom line. Even if we had good documentation, I think it will still violate POLA. We must remember that rc.* is not an acceptible solution because devices can come and go. If my mouse were plugged into a USB port, and I unplugged it then plugged it back in, the device would go away and come back. If I chmod'd it on boot, those setting would be lost. Or if I forgot to have my mouse plugged in on boot and plugged it in after the rc scripts had run. The system still should allow access to that mouse, but only to the person that is on the console. We'd likely get lots of complaints if we violate POLA where removable devices are concerned. I know it is a huge PITA to do persistance correctly, and that people have fought doing it for years. However, I think that you need some level of persistance in order to deal with what will become an increasing common problem. Warner [The problem of insecure device-creations can be solved by defaulting to not create devices dynamically after boot. -EE] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199901020312.UAA09044>