In message <14918.981230622@critter> Poul-Henning Kamp writes:
: Doing straight symlinks would not work.


The other idea that I had was a cpdev.  It would be like a templated
mknod.  It would stat the first argument and do a mknod with the
st_rdev from the stat, eg:

#include <err.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>

main(char *argv[], int argc)
        struct stat sbuf;

        if (argc != 3)
                errx(1, "usage: cpdev src dst");
        if (stat(argv[1], &sbuf))
                err(1, "stat");
        if (!S_ISCHR(sbuf.st_mode))
                errx(1, "source must be a character device");
        if (mknod(argv[2], sbuf.st_mode, sbuf.st_rdev))
                err(1, "mknod");

This would mean we could export whatever we wanted from the kernel and 
something like this would preserve it.  It would mean allowing mknodo
n non-readonly devfs mounts.  If there was a cheap way to determine
if the rdev was legitimate, it would be the best way to go.  However,
that's the rub with this solution: we need to keep a table of devices
(like major numbers today and export them as major numbers) or we need 
to know with certainty that a pointer is good, which traditionally has 
had its share of security problems.  Well, I suppose that the major
number thing could be a special case of returning a hash as well, but
that still requires a kernel table of some flavor.

Notice I don't bother with major/minor numbers at all, but just use
the raw rdev (which I hope is the right dev to use, since I think
st_dev is the device the filesystem is mounted on) so it doesn't
matter what we export as long as we can swallow what we export.

Of course this does assume that all devfs instances export the same
cookies for the same device.


P.S.  I do hope someone will tell me if this is becoming too

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message

Reply via email to