Subject: Re: FreeBSD 5/6/7 kernel emulator for NetBSD 2.x
To: Steven M. Bellovin <smb@cs.columbia.edu>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-kern
Date: 10/28/2005 17:40:00

On Fri, Oct 28, 2005 at 11:48:00AM -0400, Steven M. Bellovin wrote:
> In message <20051028144408.GA622@panix.com>, Thor Lancelot Simon writes:
> > mount all filesystems containing devices read-only, so that I
> >can be *guaranteed* that no new device nodes will be available to user
> >processes no matter what else changes.
> >
> 
> OK -- how do you do that?  That utterly failed for me when I tried it.
> Or rather, I ran into trouble when things like init couldn't do 
> operations on the devices.

I get a small number of warnings (the number has increased with time).
Some I ignore, and others I patch around.

My principal concern is that I be able to put the system in a state in
which I know that no devices I did not choose before boot time to have
filesystem nodes for suddenly get such nodes -- and that those nodes are
created with ownership and permissions I choose, not changed later with
some potential race condition.  If we can lock things down so that I can
ensure that mounting a devfs will _never_ create nodes I didn't explicitly
tell it to, and so that nodes are created with fixed ownership and modes,
that's fine with me.

It's just that that concern seems to keep falling by the wayside.

-- 
 Thor Lancelot Simon	                                      tls@rek.tjls.com
"The inconsistency is startling, though admittedly, if consistency is to be
 abandoned or transcended, there is no problem."		- Noam Chomsky
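
One way to check the property asked for in this message (only pre-chosen device nodes exist, each with fixed ownership and mode), as an added example that is not part of the original e-mail or of NetBSD. The manifest format, the `Node` record and the device numbers are assumptions constructed for illustration.

```python
import os
import stat
from typing import NamedTuple

class Node(NamedTuple):
    path: str   # relative to the scanned root
    kind: str   # "c" = character device, "b" = block device
    major: int
    minor: int
    uid: int
    gid: int
    mode: int   # permission bits only

# Constructed manifest; the format and the device numbers are illustrative.
SAMPLE_MANIFEST = """\
# path kind major minor uid gid mode
null    c 2 2 0 0 0666
console c 0 0 0 0 0600
wd0a    b 0 0 0 5 0640
"""

def parse_manifest(text):
    """Return {path: Node} for every non-comment line of the manifest."""
    nodes = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            path, kind, major, minor, uid, gid, mode = line.split()
            nodes[path] = Node(path, kind, int(major), int(minor),
                               int(uid), int(gid), int(mode, 8))
    return nodes

def scan(root):
    """Collect every device node under root without following symlinks."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if stat.S_ISCHR(st.st_mode) or stat.S_ISBLK(st.st_mode):
                kind = "c" if stat.S_ISCHR(st.st_mode) else "b"
                found.append(Node(os.path.relpath(full, root), kind,
                                  os.major(st.st_rdev), os.minor(st.st_rdev),
                                  st.st_uid, st.st_gid, stat.S_IMODE(st.st_mode)))
    return found

def audit(allowed, found):
    """Report nodes absent from the manifest or differing from their entry."""
    findings = []
    for node in found:
        want = allowed.get(node.path)
        if want is None:
            findings.append(f"UNEXPECTED {node.path}")
        elif node != want:
            findings.append(f"CHANGED {node.path}")
    return sorted(findings)
```

Running `audit(parse_manifest(manifest_text), scan("/dev"))` after boot and again later shows whether any node appeared, or changed owner, mode or device number, since the manifest was written.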