Re: [bug] /etc/profile: line 30: /dev/null: Permission denied (Was: Re: [PATCH] Remove broken by design and by implementation devtmpfs maintenance disaster)

[Greg KH <greg@kroah.com>]

On Fri, Sep 18, 2009 at 03:50:36AM +0200, Kay Sievers wrote:
> On Thu, 2009-09-17 at 17:18 -0700, Linus Torvalds wrote:
> > 
> > On Fri, 18 Sep 2009, Kay Sievers wrote:
> > > 
> > > > So I suspect /dev/null and /dev/zero should be special - just make them
> > > > have 0666 permissions. Because they really _are_ special, and no other
> > > > permissions ever make sense for them.
> > > 
> > > That's true. I guess there are a few more devices that need special
> > > permissions.
> > 
> > /dev/tty is probably the only remaining one - I don't think there should 
> > be any other devices that are so special that normal programs expect them 
> > to be there, and expect to be able to open them.
> > 
> > /dev/null (and to a lesser degree /dev/zero) really are special, and they 
> > are special not so much because they are special devices, but because they 
> > are part of the unix environment in rather deep ways. For example, mmap() 
> > on /dev/zero is deeply special, and really is about shm rather than any 
> > devices, so it's a VM thing with an odd special case.
> > 
> > And /dev/tty is special in that you'd expected to be able to open it even 
> > if you can't open the device that it points to - you may have inherited a 
> > tty from a program that _used_ to have permission to the underlying 
> > /dev/ttyxyz thing, but even if you no longer can open that device, 
> > /dev/tty still works.
> > 
> > The rest of /dev really should be rather esoteric, or it should be about 
> > real devices. So I do think that with just null, zero and tty having 0666 
> > permissions, a "normal UNIX" program is supposed to work. That should be 
> > the minimal set, but also the maximal set of devices that people should 
> > _expect_ to work.
> 
> Here is a quick hack to allow subsystems to provide a mode for their
> devices. It uses the callback that can provide custom non-default device
> names. Ingo, maybe you can give it a try?
> 
> To see how it works, it currently includes access to: null, zero, full,
> random, urandom, tty, ptmx. Also the USB /dev nodes have the same
> permissions as the USB /proc nodes always had. That's basically what
> udev does today for non-root users.

Ick, I don't think we should do something like this, it starts putting
the mode policy back into the kernel.  What's next, owner and group?  :)

I think the udev version in older Fedora releases can't handle this
kernel option, which is fine, just don't enable it.  Newer versions can
handle it, right?

thanks,

greg k-h