Date: Sun, 31 May 1998 14:11:37 +0200 From: Poul-Henning Kamp <phk@critter.freebsd.dk> To: Terry Lambert <tlambert@primenet.com> Cc: julian@whistle.com, current@FreeBSD.ORG Subject: Re: I see one major problem with DEVFS... Message-ID: <3354.896616697@critter.freebsd.dk> In-Reply-To: Your message of "Sun, 31 May 1998 10:05:27 -0000." <199805311005.DAA20689@usr04.primenet.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <199805311005.DAA20689@usr04.primenet.com>, Terry Lambert writes: >> > Just to get peace over the land again, I think you should implement >> > it so that one can mknod a device again, but discard the dev_t, >> > and use whatever DEVFS knows (better). > >This is a security hole. > >If a device is removed from a chroot environment, it should be impossible >to recreate it. > >The reasoning should be obvious. But the argument is nontheless badly flawed. This should be done by disallowing mknods by chrooted processes if such security is desired. -- Poul-Henning Kamp FreeBSD coreteam member phk@FreeBSD.ORG "Real hackers run -current on their laptop." "ttyv0" -- What UNIX calls a $20K state-of-the-art, 3D, hi-res color terminal To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3354.896616697>