Julian Elischer scribbled this message on Sep 20:
> On Mon, 20 Sep 1999, John-Mark Gurney wrote:
> > one thing that HAS to happen is the fast that some devices CAN'T "appeare"
> > until the devfsd says it can, unless we force a very restrictive permision
> > on all devices (600 or something similar) otherwise we will have security
> > wholes up the wazoo... don't forget about this... a devfsd daemon is
> > definately the way to go...
>
> While I sharply disagree, with your assertion,
what part exactly? are you saying that we should allow devices to appear
that are insecure??
we have two possible ways of dealing with it:
a) a daemon "lets" a device appear w/ certain permisions
b) a device appears w/ 0600 root:wheel, and the daemon sets
the device to proper owner/permissions
any other way introduces the problem where you stick in a serial card
that contains a sensitive serial console, and someone can "attach" to
the device... or many other possible problems...
--
John-Mark Gurney Voice: +1 408 975 9651
Cu Networking
"The soul contains in itself the event that shall presently befall it.
The event is only the actualizing of its thought." -- Ralph Waldo Emerson
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
