matthew green wrote:

>                  NetBSD Security Advisory 1999-009
>                  =================================
> 
> ... 
> 
> Technical Details
> =================
> 
> The SVR4 /dev/wabi character device special file, usually created
> below the /emul/svr4 hierarchy, is currently supposed to be a synonym
> for the /dev/null device special file.
> 
> Originally developed on the sparc port of NetBSD, the SVR4_MAKEDEV
> shell script creates this file with a major number of 3 and a minor
> number of 2, setting these properties equivalent to those of the
> /dev/null device special file on that platform.  On the i386 port of
> NetBSD, the character device major number 3 is associated with the
> wd(4) driver, which supports IDE (and compatible) disks, and whose
> minor number 2 denotes the NetBSD portion of the first such disk
> configured by the systems; this corresponds to the special device file
> /dev/rwd0c in the base distribution.  As the /dev/wabi special device
> file is created with world read and write permissions, a regular user
> may read and write any data stored on that portion of the disk.

As a "Thought For The Day(tm)", could/should MAKEDEV scripts be
autobuilt from conf.c and other sources of information?  I guess
there's scope for this type of problem to reappear in the future...

Simon.