lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20090918195005.GA11726@elte.hu>
Date:	Fri, 18 Sep 2009 21:50:05 +0200
From:	Ingo Molnar <mingo@...e.hu>
To:	Kay Sievers <kay.sievers@...y.org>
Cc:	Greg KH <greg@...ah.com>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	"Eric W. Biederman" <ebiederm@...ssion.com>,
	linux-kernel@...r.kernel.org
Subject: Re: [bug] /etc/profile: line 30: /dev/null: Permission denied
	(Was: Re: [PATCH] Remove broken by design and by implementation
	devtmpfs maintenance disaster)


* Kay Sievers <kay.sievers@...y.org> wrote:

> On Fri, Sep 18, 2009 at 17:37, Kay Sievers <kay.sievers@...y.org> wrote:
> > On Fri, Sep 18, 2009 at 17:05, Greg KH <greg@...ah.com> wrote:
> >> On Fri, Sep 18, 2009 at 07:18:54AM -0700, Linus Torvalds wrote:
> >>>
> >>> On Thu, 17 Sep 2009, Greg KH wrote:
> >>> >
> >>> > I think the udev version in older Fedora releases can't handle this
> >>> > kernel option, which is fine, just don't enable it. ??Newer versions can
> >>> > handle it, right?
> >>>
> >>> .. conversely, if you can't be bothered to set up /dev/null and /dev/zero
> >>> correctly, I would suggest that you not set them up AT ALL in devtmpfs.
> >>
> >> Fair enough.
> >>
> >>> The thing is, 0600 for those nodes is just _wrong_. Don't do it.
> >>
> >> Ok, Kay, care to just treat these as "special"?
> >
> > Sure, the patch I sent yesterday does that. We might want to drop the
> > USB device node permissions (same as the proc nodes), but they are
> > probably not needed?
> >
> > Ingo, do you possibly have a chance to test if your setup comes up 
> > with that? That would be great to know.
> 
> With that patch, I can login as a normal user without any udev ever 
> started, and no static content copied to /dev.

Great. Please merge this without waiting me to clear up any of my (way 
too much) backlog and get it tested. The only hickup i had was the 
/dev/zero & /dev/null permission stuff that prevented ssh logins. With 
that fixed i'm a happy camper.

Self-contained /dev is great, udev is a total PITA on older distros (on 
this box it sometimes takes 3 minutes for udev to boot ...) so turning 
on devtmpfs and getting something functional in exchange is a big 
selling point IMO.

Btw., i never understood the separation of udev from the kernel. It's 
not like it makes any sense without a Linux kernel - and the separation 
just increases release cycle pain and causes (unnecessary) detachment 
from the actual kernel. Should be hosted in tools/udev/ or so ;-)

	Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ