Subject: Re: devfs, was Re: ptyfs fully working now...
To: der Mouse <mouse@Rodents.Montreal.QC.CA>
From: Eric Haszlakiewicz <erh@nimenees.com>
List: tech-kern
Date: 11/26/2004 17:51:45
On Fri, Nov 26, 2004 at 05:41:07AM -0500, der Mouse wrote:
> > *) improve security by making it possible to make it impossible to
> >    have a usable device node anywhere else on the system
> 
> That's the first time I've seen anyone suggest *that*.
> 
> If devfs makes it impossible to have device nodes other than in /dev,
> it's unacceptable.  As simple as that.  Device nodes elsewhere have too
> many other good uses to give them up.  "Unix doesn't make it impossible
> to do stupid things because that also makes it impossible to do clever
> things."

	That's not what I said.  I said that you CAN restrict device nodes
to only being operational in the devfs.  I did NOT say you can't have
device nodes elsewhere if you want them.
	Actually, you can do this now if you create a normal mini-fs only for
/dev (perhaps vnconfig'd even) and mark every other mounted filesystem
nodev.  If the conventional way of creating /dev becomes "mount a filesystem"
(whether it's devfs or something else) it makes sense to make the 
default mount behavior nodev for all other mounts.

eric
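
An added example, not part of the original message: a check for the setup described above, listing every mounted filesystem other than the designated /dev mount that lacks nodev. The function name `audit_nodev`, the sample mount table, and the assumption that input follows the BSD mount(8) line format `<device> on <mountpoint> type <fstype> (<options>)` are all constructed for illustration.

```sh
#!/bin/sh
# Added example: report mounts where device nodes would still be usable,
# i.e. every filesystem except the designated /dev mount that lacks nodev.
# Assumptions: BSD mount(8)-style lines on stdin, no whitespace in mount points.

audit_nodev() {
    dev_mp="${1:-/dev}"          # the one mount allowed to carry live device nodes
    awk -v devmp="$dev_mp" '
        $2 == "on" && $4 == "type" {
            mp = $3
            if (mp == devmp) next
            # Pull the option list out of the trailing "(...)" if present.
            opts = ""
            if (match($0, /\(.*\)$/))
                opts = substr($0, RSTART + 1, RLENGTH - 2)
            n = split(opts, o, /, */)
            found = 0
            for (i = 1; i <= n; i++)
                if (o[i] == "nodev") found = 1
            # No option list at all also counts as "nodev missing".
            if (!found) print mp
        }'
}

# Constructed sample: a small filesystem on a vnd device mounted at /dev,
# with some of the other mounts marked nodev and some not.
sample_mounts() {
    cat <<'EOF'
/dev/wd0a on / type ffs (local)
/dev/vnd0a on /dev type ffs (local)
/dev/wd0e on /usr type ffs (nodev, local)
/dev/wd0f on /home type ffs (nodev, nosuid, local)
/dev/wd0g on /var type ffs (local, nosuid)
EOF
}

# Stand-alone run against the sample; prints the mount points still missing nodev.
sample_mounts | audit_nodev /dev
```

On a live system the same function can be fed with `mount | audit_nodev /dev`; an empty result means device nodes are only operational under /dev.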