On Fri, Sep 07, 2012 at 09:20:49PM +0900, Izumi Tsutsui wrote: > - What's the actual benefits on removing those device nodes on /dev? > Is it more important than possible fallouts in install materials?
Those nodes, if used together with ptyfs, create a serious security risk. That is why we remove them with postinstall. Creating them first just to remove them later sounds wrong. > - If we are going to remove compat pty nodes completely, > why don't we also update all install stuff not implicitly > using those node, i.e. shouldn't we change all install media > to have mount_ptyfs(8) and explicitly mount /dev/pts in /.profile > or /etc/rc scripts? Yes, that would be an option. I doubt it is easier (due to a lot MD testing needed), and we will have to keep COMPAT_BSDPTY around anyway. If we get the testing done, I'm fine with this solution. > > I should have used ipty instead of opty. IMHO it is a bug that x86 md_all > > includes it - we should fix that and then, of course, fix > > Makefile.bootimage - > > it probably should just use "init". > > No, Makefile.bootimage is shared by both liveimages and installimages, > so if the "all" target in MI MAKEDEV.conf doesn't handle "all" default > environments including installation stuff, we have to add an extra > variable to switch an arg passed to MAKEDEV script. We can make all images use ptyfs and stay with "MAKEDEV all" (after the md ones are fixed). Martin
