Subject: Re: devfs, was Re: ptyfs fully working now...
To: der Mouse <mouse@Rodents.Montreal.QC.CA>
From: Bill Studenmund <wrstuden@netbsd.org>
List: tech-kern
Date: 11/27/2004 15:03:39

On Fri, Nov 26, 2004 at 05:41:07AM -0500, der Mouse wrote:
> > *) improve security by making it possible to make it impossible to
> >    have a usable device node anywhere else on the system
>
> That's the first time I've seen anyone suggest *that*.
>
> If devfs makes it impossible to have device nodes other than in /dev,
> it's unacceptable.  As simple as that.  Device nodes elsewhere have too
> many other good uses to give them up.  "Unix doesn't make it impossible
> to do stupid things because that also makes it impossible to do clever
> things."

I think that Eric's comment was either incorrect or poorly-worded. I think
we will deprecate all on-disk device nodes with devfs, but that doesn't
mean you can't have device nodes outside of /dev. In fact, since chroot
environments will need their own /dev's, we will need to support multiple
devfs mounts in a system at once.

In fact, once we have more experience with real, working code, we can
probably come up with a way that chroot'd /dev's can be selective in what
shows up. "Only what's in this list" will of course be an option. However
you could make a chroot that gets to see all usb-based disks and printers.
So you could make a chroot'd picture-printing kiosk app (read from usb
stick reader and then print).

So if we do this right, I think we will have the functionality we have now
and have even more security. :-)

Take care,

Bill
