Date: Wed, 13 Oct 2010 22:35:03 +0300 From: Kostik Belousov <kostikbel@gmail.com> To: Jaakko Heinonen <jh@freebsd.org> Cc: freebsd-geom@freebsd.org Subject: Re: HEADS UP: device name checking on device registration Message-ID: <20101013193503.GF2392@deviant.kiev.zoral.com.ua> In-Reply-To: <20101013184817.GB1988@a91-153-123-205.elisa-laajakaista.fi> References: <20101007180657.GA1383@a91-153-123-205.elisa-laajakaista.fi> <20101013085025.GB54686@jh> <20101013143332.GC2392@deviant.kiev.zoral.com.ua> <20101013184817.GB1988@a91-153-123-205.elisa-laajakaista.fi>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Wed, Oct 13, 2010 at 09:48:17PM +0300, Jaakko Heinonen wrote: > On 2010-10-13, Kostik Belousov wrote: > > You might consider creating some well-controlled name instead of failed > > one, and printing a diagnostic describing what happen. > > Couldn't this cause a security problem or POLA violation with devfs > rules? Name based rules may be used to hide devices or change device > permissions. Fair enough. You can add a flag that allows make_dev() to do name change. This way, the rules can be applied still, before doing name change. Specific error code might be returned to inform the caller about the issue. Probably, that would require keeping the original name around, so the change may be too radical for little gain. [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (FreeBSD) iEYEARECAAYFAky2CecACgkQC3+MBN1Mb4ge8wCeIQwqgym3qwVhTqeDNBlxIK1f EUIAoImPOASWXVDMGinl9KmE0jNY1Rrh =equd -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20101013193503.GF2392>