Subject: Re: devfs, was Re: ptyfs fully working now...
To: der Mouse <mouse@Rodents.Montreal.QC.CA>
From: Eric Haszlakiewicz <erh@nimenees.com>
List: tech-kern
Date: 11/26/2004 17:51:45
On Fri, Nov 26, 2004 at 05:41:07AM -0500, der Mouse wrote:
> > *) improve security by making it possible to make it impossible to
> > have a usable device node anywhere else on the system
>
> That's the first time I've seen anyone suggest *that*.
>
> If devfs makes it impossible to have device nodes other than in /dev,
> it's unacceptable. As simple as that. Device nodes elsewhere have too
> many other good uses to give them up. "Unix doesn't make it impossible
> to do stupid things because that also makes it impossible to do clever
> things."

That's not what I said. I said that you CAN restrict device nodes
to only being operational in the devfs. I did NOT say you can't have
device nodes elsewhere if you want them.
Actually, you can do this now if you create a normal mini-fs only for
/dev (perhaps vnconfig'd even) and mark every other mounted filesystem
nodev. If the conventional way of creating /dev becomes "mount a filesystem"
(whether it's devfs or something else) it makes sense to make the
default mount behavior nodev for all other mounts.
eric
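
Added example, not part of the original message or of any NetBSD code: a small audit for the setup described above, where /dev is its own filesystem and every other mount carries nodev. The function name, the sample mount table and the choice of /dev as the single exempt mount point are assumptions made for illustration.

```shell
#!/bin/sh
# List mount points where device nodes would still be operational,
# i.e. every mount other than the dedicated /dev filesystem that lacks "nodev".
# Input: `mount`-style lines on stdin:
#   <device> on <mountpoint> type <fstype> (<opt>, <opt>, ...)

# missing_nodev [DEV_MOUNT]
#   DEV_MOUNT (assumption, default /dev) is the one mount allowed to omit nodev.
missing_nodev() {
    awk -v devmp="${1:-/dev}" '
    {
        p = index($0, " on ");      if (!p) next
        rest = substr($0, p + 4)
        t = index(rest, " type ");  if (!t) next
        mp = substr(rest, 1, t - 1)
        if (mp == devmp) next               # the dedicated /dev mount is exempt

        # Pull the option list out of the trailing parentheses, if any.
        opts = ""
        o = index(rest, "(")
        if (o) { opts = substr(rest, o + 1); sub(/\).*$/, "", opts) }

        # Accept both "a, b" and "a,b" option separators.
        n = split(opts, a, /, */)
        found = 0
        for (i = 1; i <= n; i++) if (a[i] == "nodev") found = 1
        if (!found) print mp
    }'
}

# Constructed sample mount table (not captured from a real system).
sample_mounts() {
    cat <<'EOF'
/dev/wd0a on / type ffs (local)
/dev/vnd0a on /dev type ffs (local)
/dev/wd0e on /usr type ffs (local, nodev)
/dev/wd0f on /home type ffs (local, nodev, nosuid)
/dev/wd0g on /var/chroot type ffs (local, nosuid)
kernfs on /kern type kernfs (local)
EOF
}

# Demo on the constructed table; on a live system use: mount | missing_nodev /dev
sample_mounts | missing_nodev /dev
```

Each path it prints is a filesystem on which a device node created outside /dev would still work.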