Re: (Semi-random) thoughts on device tree structure and devfs

[Eric Haszlakiewicz <erh%nimenees.com@localhost>]

On Tue, Mar 09, 2010 at 10:52:17PM -0500, Steven Bellovin wrote:
> 
> On Mar 9, 2010, at 10:43 PM, Masao Uebayashi wrote:
> 
> >> I think that Joerg's proposal doesn't prevent you from doing what you 
> >> want, though I don't think it helps, either.  He suggested that /dev/uuid 
> >> and /dev/label just have symlinks to the usual device file, so no 
> >> user-level daemons would be involved.
> > 
> > He said it has to be done in userland daemon. :)
> > 
> The userland daemon creates the symlinks but not the device files, I thought.

So if you want to lock things down, why not just change the /dev mount to be
read-only?  Then bump the securelevel, and whoever the daemon is running as
won't be able to change anything.

eric