On Wed, 22 Jul 2009, Alan Cox wrote: > > Returning minor numbers during serial_disconnect rather than > > destroy_serial allows the numbers (and hence device node names) to be > > reused even when a process is holding an unplugged device's file open. > > This is what users expect to happen, and there's no reason not to do > > it. > > It also has file permissions and security management concerns because an > unplug as something changes the permissions on the device being removed > now changes the permissions on the wrong device rather than causing an > error. > > That bothers me a bit. I don't understand your concern. In the normal situation where a device is unplugged while no process is holding the device file open, the patch has no effect at all. It has an effect only if some process _is_ holding the device file open during disconnection, and I don't see why one should be more of a security concern than the other. For that matter, why would an unplug cause any permission changes? The device is going away, so there's no point in updating the permissions on the device file. The correct thing to do is to delete the file. But let's suppose for some reason that's how userspace is set up to operate: Device files don't get deleted; instead their permissions get changed when a new device is detected. If that's the case then you're already in trouble even without my patch. A device could be unplugged while no process was holding its file open, thus causing its minor to be released immediately. Then a new device could be plugged in and accessed before the device file's permissions were changed. Alan Stern -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
