Date: Tue, 21 Sep 1999 14:40:38 -0600 From: Warner Losh <imp@village.org> To: John-Mark Gurney <gurney_j@resnet.uoregon.edu> Cc: FreeBSD Hackers List <freebsd-hackers@FreeBSD.ORG> Subject: Re: what is devfs? Message-ID: <199909212040.OAA27457@harmony.village.org> In-Reply-To: Your message of "Tue, 21 Sep 1999 00:00:09 PDT." <19990921000009.54622@hydrogen.fircrest.net> References: <19990921000009.54622@hydrogen.fircrest.net> <19990920231629.26284@hydrogen.fircrest.net> <Pine.BSF.4.05.9909202321540.22714-100000@home.elischer.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Devices must failsafe from a security point of view in the absense of a devfsd. Otherwise there will extreme opposition from the security officer. This means 0600 or more restrictive permissions. While it doesn't happen often, it must be designed for. Otherwise you've replaced a secure, predictible system with an insecure one, which is not acceptible at all in the base FreeBSD product. How permissions are saved, devices are given out for use I don't care too much about so long as it is secure. In general, it is very hard to secure a system where things aren't predictable. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199909212040.OAA27457>