Subject: Re: representation of persistent device status, was Re: devfs, was Re: ptyfs...
To: None <tech-kern@NetBSD.org>
From: Ignatios Souvatzis <email@example.com>
Date: 11/30/2004 09:50:00
Content-Type: text/plain; charset=us-ascii
Jonathan Stone wrote:
> When I put on my security-conscious hat, my first, second, and third
> take on the matter are to `Just say No', and to go with persistent
> in-filesystem device inodes.
How is a non-writable, non-remountable static /dev different from
a non-writable, system immutable devfs configuration file?
I'm not the most security conscious admin around, but in my book,
having anything writable (that is, outside the kernel) define the
mapping between names and devices doesn't sound too good. I think that
devfs is better in this respect, because it makes the kernel define
the name-device relation.
Maybe somebody can explain to me why this isn't true.