Subject: Re: devfs, was Re: ptyfs fully working now...
To: der Mouse <mouse@Rodents.Montreal.QC.CA>
From: Bill Studenmund <>
List: tech-kern
Date: 11/27/2004 15:03:39
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Nov 26, 2004 at 05:41:07AM -0500, der Mouse wrote:
> > *) improve security by making it possible to make it impossible to
> >    have a usable device node anywhere else on the system
> That's the first time I've seen anyone suggest *that*.
> If devfs makes it impossible to have device nodes other than in /dev,
> it's unacceptable.  As simple as that.  Device nodes elsewhere have too
> many other good uses to give them up.  "Unix doesn't make it impossible
> to do stupid things because that also makes it impossible to do clever
> things."

I think that Eric's comment was either incorrect or poorly-worded. I think
we will depreciate all on-disk device nodes with devfs, but that doesn't
mean you can't have device nodes outside of /dev. In fact, since chroot
environments will need their own /dev's, we will need to support multiple
devfs mounts in a system at once.

In fact, once we have more experience with real, working code, we can=20
probalby come up with a way that chroot'd /dev's can be selective in what=
showns up. "Only what's in this list" will of course be an option. However=
you could make a chroot that gets to see all usb-based disks and printers.=
So you could make a chroot'd picture-printing kiosk app (read from usb=20
stick reader and then print).

So if we do this right, I think we will have the functionality we have now=
and have even more security. :-)

Take care,


Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.2.3 (NetBSD)