lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 17 Sep 2009 17:18:33 -0700 (PDT)
From:	Linus Torvalds <torvalds@...ux-foundation.org>
To:	Kay Sievers <kay.sievers@...y.org>
cc:	Ingo Molnar <mingo@...e.hu>,
	"Eric W. Biederman" <ebiederm@...ssion.com>,
	Greg KH <greg@...ah.com>, linux-kernel@...r.kernel.org
Subject: Re: [bug] /etc/profile: line 30: /dev/null: Permission denied (Was:
  Re: [PATCH] Remove broken by design and by implementation devtmpfs 
 maintenance disaster)



On Fri, 18 Sep 2009, Kay Sievers wrote:
> 
> > So I suspect /dev/null and /dev/zero should be special - just make them
> > have 0666 permissions. Because they really _are_ special, and no other
> > permissions ever make sense for them.
> 
> That's true. I guess there are a few more devices that need special
> permissions.

/dev/tty is probably the only remaining one - I don't think there should 
be any other devices that are so special that normal programs expect them 
to be there, and expect to be able to open them.

/dev/null (and to a lesser degree /dev/zero) really are special, and they 
are special not so much because they are special devices, but because they 
are part of the unix environment in rather deep ways. For example, mmap() 
on /dev/zero is deeply special, and really is about shm rather than any 
devices, so it's a VM thing with an odd special case.

And /dev/tty is special in that you'd expected to be able to open it even 
if you can't open the device that it points to - you may have inherited a 
tty from a program that _used_ to have permission to the underlying 
/dev/ttyxyz thing, but even if you no longer can open that device, 
/dev/tty still works.

The rest of /dev really should be rather esoteric, or it should be about 
real devices. So I do think that with just null, zero and tty having 0666 
permissions, a "normal UNIX" program is supposed to work. That should be 
the minimal set, but also the maximal set of devices that people should 
_expect_ to work.

(Yeah, there are things like /dev/stderr etc, but they are symlinks to 
/proc/self/fd anyway, so permissions don't matter)

			Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ