[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: CVS commit: src/etc
> On Fri, Sep 07, 2012 at 09:20:49PM +0900, Izumi Tsutsui wrote:
> > - What's the actual benefits on removing those device nodes on /dev?
> > Is it more important than possible fallouts in install materials?
> Those nodes, if used together with ptyfs, create a serious security
> risk. That is why we remove them with postinstall. Creating them first
> just to remove them later sounds wrong.
I see, thanks. (BTW was there any public discussion or announcement?)
> > - If we are going to remove compat pty nodes completely,
> > why don't we also update all install stuff not implicitly
> > using those node, i.e. shouldn't we change all install media
> > to have mount_ptyfs(8) and explicitly mount /dev/pts in /.profile
> > or /etc/rc scripts?
> Yes, that would be an option. I doubt it is easier (due to a lot MD
> testing needed), and we will have to keep COMPAT_BSDPTY around anyway.
> If we get the testing done, I'm fine with this solution.
Then all tier I ports (or at least x86) should be fixed, for reference,
> > > I should have used ipty instead of opty. IMHO it is a bug that x86 md_all
> > > includes it - we should fix that and then, of course, fix
> > > Makefile.bootimage -
> > > it probably should just use "init".
> > No, Makefile.bootimage is shared by both liveimages and installimages,
> > so if the "all" target in MI MAKEDEV.conf doesn't handle "all" default
> > environments including installation stuff, we have to add an extra
> > variable to switch an arg passed to MAKEDEV script.
> We can make all images use ptyfs and stay with "MAKEDEV all" (after the
> md ones are fixed).
Ok, then I'll leave Makefile.bootimage as is.
Main Index |
Thread Index |