Subject: Re: devfs (was Re: Not updating device file inode change times)
To: Todd Vierling <>
From: Stefan Grefen <>
List: tech-kern
Date: 09/07/1998 10:13:48
In message <>  Todd Vierling wrote:
> [thread copied to tech-security since I'm explaining the pitfalls of a
> NFS-mounted /dev]
> On Sun, 6 Sep 1998, Stefan Grefen wrote:
> : > Real
> : > device nodes on a NFS-mounted /dev are, as said before, dangerous and a
> : > serious security risk.
> : 
> : But than a file just doesn't help here, or you have to authenticate the file
> : with secret  ...
> Authentication isn't the problem.  The problem is device nodes which have
> the "wrong" major and minor on the NFS _server_.

By accident, but than this accident can be made to happen. It's not too
difficult to put yourself between an NFS client and server, fake a 
the response and send arbitrary inodes (devices ...) to the client.

NFS is insecure, so the only option is to mount nodev.


> One way of helping is by providing a mechanism by which plain files on the
> NFS server can become device nodes - sort of like a "rose colored
> sunglasses" layer filesystem.  The filesystem would just translate files via
> some not yet determined mechanism, both on read/write and inode
> creation/modification.

I think it's not worth the effort to do it just for nfs, to add persistence to
/devfs it is different issue.
> I'm actually quite surprised to learn that our NFS implementation doesn't
> support a `nomknod' export option, either.  I'm submitting a PR on that one.

OOps, so the server should mount -nodev for now too.

> -- 
> -- Todd Vierling (Personal; Bus.

Stefan Grefen                                Tandem Computers Europe Inc.                       High Performance Research Center
 --- Hacking's just another word for nothing left to kludge. ---