Source-Changes-D archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: CVS commit: src/etc

On Fri, Sep 07, 2012 at 09:20:49PM +0900, Izumi Tsutsui wrote:
> - What's the actual benefits on removing those device nodes on /dev?
>   Is it more important than possible fallouts in install materials?

Those nodes, if used together with ptyfs, create a serious security
risk. That is why we remove them with postinstall. Creating them first
just to remove them later sounds wrong.

> - If we are going to remove compat pty nodes completely,
>   why don't we also update all install stuff not implicitly
>   using those node, i.e. shouldn't we change all install media
>   to have mount_ptyfs(8) and explicitly mount /dev/pts in /.profile
>   or /etc/rc scripts?

Yes, that would be an option. I doubt it is easier (due to a lot MD
testing needed), and we will have to keep COMPAT_BSDPTY around anyway.
If we get the testing done, I'm fine with this solution.

> > I should have used ipty instead of opty. IMHO it is a bug that x86 md_all
> > includes it - we should fix that and then, of course, fix 
> > Makefile.bootimage -
> > it probably should just use "init".
> No, Makefile.bootimage is shared by both liveimages and installimages,
> so if the "all" target in MI MAKEDEV.conf doesn't handle "all" default
> environments including installation stuff, we have to add an extra
> variable to switch an arg passed to MAKEDEV script.

We can make all images use ptyfs and stay with "MAKEDEV all" (after the
md ones are fixed).


Home | Main Index | Thread Index | Old Index