HEADS UP: device name checking on device registration
Kostik Belousov
kostikbel at gmail.com
Wed Oct 13 19:35:08 UTC 2010
On Wed, Oct 13, 2010 at 09:48:17PM +0300, Jaakko Heinonen wrote:
> On 2010-10-13, Kostik Belousov wrote:
> > You might consider creating some well-controlled name instead of failed
> > one, and printing a diagnostic describing what happen.
>
> Couldn't this cause a security problem or POLA violation with devfs
> rules? Name based rules may be used to hide devices or change device
> permissions.
Fair enough. You can add a flag that allows make_dev() to do name change.
This way, the rules can be applied still, before doing name change.
Specific error code might be returned to inform the caller about the issue.
Probably, that would require keeping the original name around, so the
change may be too radical for little gain.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-geom/attachments/20101013/f691224b/attachment.pgp
More information about the freebsd-geom
mailing list