>Number:         7170
>Category:       kern
>Synopsis:       init_main.c requires /dev/console to exist
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    kern-bug-people (Kernel Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Mar 16 05:35:01 1999
>Last-Modified:
>Originator:     Todd Vierling
>Organization:
	DuhNet: Pointing out the obvious since 1994.

>Release:        all
>Environment:
	all

>Description:

One of my biggest pet peeves about init is that it requires /dev/console
to exist in order to do anything useful on the system.  This is both a
security and flexibility bug.

There is absolutely no reason that /dev/console should be required for
single user mode; a possibly corrupt / could (and in my case, has in the
past!) lose the node, making the sysadmin boot from alternative media in
order to get the system up and running.

Requiring /dev/console at boot also precludes setting up a MFS (or some
other kind of fs) /dev to work in place of a NFS-mounted /dev for diskless
clients.  (See my e-mail comments attached to PR security/6113 for the
start of this point.)

There's a nice little comment in sys/kern/init_main.c that reads:

         * This is not the right way to do this.  We really should
         * hand-craft a descriptor onto /dev/console to hand to init,
         * but that's a _lot_ more work, and the benefit from this easy
         * hack makes up for the "good is the enemy of the best" effect.

So here's your PR that says it should be done the way suggested in the
comment.  (There would be no compatibility issue if this were done; old
/sbin/init's would close the kernel created descriptor and open
/dev/console manually.)

>How-To-Repeat:

rm /dev/console
reboot -- -s

>Fix:

Roll our own fd 0/1/2 attached to "what should be" /dev/console and pass
these to init.
>Audit-Trail:
>Unformatted: