Date: Tue, 21 Sep 1999 17:13:13 -0600 From: Wes Peters <wes@softweyr.com> To: Warner Losh <imp@village.org> Cc: John-Mark Gurney <gurney_j@resnet.uoregon.edu>, FreeBSD Hackers List <freebsd-hackers@FreeBSD.ORG> Subject: Re: what is devfs? Message-ID: <37E81109.E7612259@softweyr.com> References: <19990921000009.54622@hydrogen.fircrest.net> <19990920231629.26284@hydrogen.fircrest.net> <Pine.BSF.4.05.9909202321540.22714-100000@home.elischer.org> <199909212040.OAA27457@harmony.village.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Warner Losh wrote:
>
> Devices must failsafe from a security point of view in the absense of
> a devfsd. Otherwise there will extreme opposition from the security
> officer. This means 0600 or more restrictive permissions. While it
> doesn't happen often, it must be designed for. Otherwise you've
> replaced a secure, predictible system with an insecure one, which is
> not acceptible at all in the base FreeBSD product.
>
> How permissions are saved, devices are given out for use I don't care
> too much about so long as it is secure.
>
> In general, it is very hard to secure a system where things aren't
> predictable.
Is there any possibility of creating a database of devfs perms that gets
loaded into kernel-accessible data space by the loader before boot? Once
the system is up, devfsd could take over, monitoring and updating the
state of devfs and this database, and the perms would come up as they were
last set, modulo the cycle time of devfsd.
--
"Where am I, and what am I doing in this handbasket?"
Wes Peters Softweyr LLC
wes@softweyr.com http://softweyr.com/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?37E81109.E7612259>