With recent devfs(s) problems I begin to ask myself, if secure kernel may be allowed to have devfs.
Note that devfs(d) opens up DoS possibility that is near to impossible to close. Because devfsd calls modprobe on any LOOKUP any *non-priviledged* user can possibly hit system with as simple as wile true; do ls /dev/foo done Of course we could have devfs with devfsd but it looks rather silly (and is not supported by current initscripts anyway). So I vote for removing devfs support from kernel-secure. Comments? -andrej
