Subject: Re: devfs, was Re: ptyfs fully working now...
To: der Mouse <mouse@Rodents.Montreal.QC.CA>
From: Bill Studenmund <firstname.lastname@example.org>
Date: 11/27/2004 15:03:39
Content-Type: text/plain; charset=us-ascii
On Fri, Nov 26, 2004 at 05:41:07AM -0500, der Mouse wrote:
> > *) improve security by making it possible to make it impossible to
> > have a usable device node anywhere else on the system
> That's the first time I've seen anyone suggest *that*.
> If devfs makes it impossible to have device nodes other than in /dev,
> it's unacceptable. As simple as that. Device nodes elsewhere have too
> many other good uses to give them up. "Unix doesn't make it impossible
> to do stupid things because that also makes it impossible to do clever
I think that Eric's comment was either incorrect or poorly-worded. I think
we will deprecate all on-disk device nodes with devfs, but that doesn't
mean you can't have device nodes outside of /dev. In fact, since chroot
environments will need their own /dev's, we will need to support multiple
devfs mounts in a system at once.

In fact, once we have more experience with real, working code, we can
probably come up with a way that chroot'd /dev's can be selective in what
shows up. "Only what's in this list" will of course be an option. However,
you could make a chroot that gets to see all usb-based disks and printers.
So you could make a chroot'd picture-printing kiosk app (read from usb
stick reader and then print).

So if we do this right, I think we will have the functionality we have now
and have even more security. :-)