Re: [PATCH v3] vfs: new O_NODE open flag

> 1) There's a security hole with dynamically allocated devices if
> permissions on new device are different than on old device.
> 
> The issue is valid, but also exists if hard links are created to
> device nodes.  udev already defends against this by setting
> permissions on device to zero before unlinking it.

udev defends against it with the specific knowledge that any existing
open means the device is open and cannot be unloaded. The combination is
required (and some other happenstance properties).

For O_NODE you must implement revoke() as well and get it into tools like
udev before you are safe. I appreciate "you need revoke" is a bit like
saying "there is one small problem, you just need to reimplement a major
subsystem while you are at it", but from a security perspective I don't
see any other way to make O_NODE safe in this situation.

Alan
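
The two properties discussed in this message, shown as an added example (not code from the thread or from udev): setting the mode to zero before unlinking closes off a hard link, because the mode lives in the inode, while a descriptor opened earlier survives both steps, which is the gap revoke() is meant to fill. It assumes a regular file in a scratch directory as a stand-in for a device node, and an ordinary open descriptor as a stand-in for a pre-existing handle; `demo_chmod_unlink` and the paths are hypothetical names.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns a bitmask, or -1 if setup fails:
 *   bit 0: the hard link shows mode 0 after chmod() on the original name
 *   bit 1: a descriptor opened before chmod()/unlink() is still readable */
int demo_chmod_unlink(void)
{
    char dir[64], node[80], alias[80], buf[4];
    struct stat st;
    int result = 0;

    /* Constructed scratch directory; mkdir() fails if the name already exists. */
    snprintf(dir, sizeof dir, "/tmp/onode-demo-%ld", (long)getpid());
    if (mkdir(dir, 0700) != 0)
        return -1;
    snprintf(node, sizeof node, "%s/node", dir);
    snprintf(alias, sizeof alias, "%s/alias", dir);

    /* Stand-in node, a handle taken while it is still live, and a hard link. */
    int fd = open(node, O_CREAT | O_EXCL | O_RDWR, 0666);
    if (fd < 0 || write(fd, "dev", 3) != 3 || link(node, alias) != 0)
        return -1;

    /* Retirement as described in the quoted text: mode to zero, then unlink. */
    if (chmod(node, 0) != 0 || unlink(node) != 0)
        return -1;

    /* The mode is stored in the inode, so the second name carries it too. */
    if (stat(alias, &st) == 0 && (st.st_mode & 07777) == 0)
        result |= 1;

    /* Neither chmod() nor unlink() touches descriptors that are already open. */
    if (lseek(fd, 0, SEEK_SET) == 0 && read(fd, buf, 3) == 3)
        result |= 2;

    close(fd);
    unlink(alias);
    rmdir(dir);
    return result;
}

int main(void)
{
    printf("result=%d\n", demo_chmod_unlink());
    return 0;
}
```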