Date: Sun, 5 Nov 2000 12:47:40 -0500 (EST) From: Robert Watson <rwatson@FreeBSD.org> To: Don Lewis <Don.Lewis@tsc.tdk.com> Cc: "Brian F. Feldman" <green@FreeBSD.org>, Don Lewis <truckman@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/etc MAKEDEV src/release Makefile Message-ID: <Pine.NEB.3.96L.1001105124230.43654W-100000@fledge.watson.org> In-Reply-To: <200011051651.IAA20696@salsa.gv.tsc.tdk.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 5 Nov 2000, Don Lewis wrote: > On Nov 5, 11:34am, "Brian F. Feldman" wrote: > } Subject: Re: cvs commit: src/etc MAKEDEV src/release Makefile > } > } Ack! The idea of MAKEDEV having a restricted path is to prevent people from > } repeatedly using stuff from /usr/bin etc. in MAKEDEV, which they love to do. > } This change breaks that. The right thing to do would be to either one of: > } 1) Change the default PATH in MAKEDEV to include the fixit floppy's paths. > } 2) Make the fixit floppy set MAKEDEVPATH=/sbin:/bin:/mnt2/stand. > > Now you tell me ... You have to be careful about including "mnt2" in any path: the /mnt* directories are used for a variety of purposes, and there are no guarantees about ownership. Having MAKENOD add /mnt* to the path may introduce security problems if the media mounted is untrusted or has permissions allowing non-privileged users to make changes to its stand subtree. I.e., this path assumes that only trusted FreeBSD install media is ever mounted on /mnt2, which is false. As such I'd strongly object to adding mnt2 to the MAKEDEV path. What would be nice is a way to force MAKEDEV (using an environmental variable or something) to add back in the [c | b] argument so that fewer people get burned when moving over the removal of block devices upgrade. :-) Robert N M Watson FreeBSD Core Team, TrustedBSD Project robert@fledge.watson.org NAI Labs, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1001105124230.43654W-100000>