Devtmpfs and permissions
[Posted September 23, 2009 by corbet]
Some developers have been unhappy about the merging of devtmpfs for 2.6.32;
one even posted a patch to remove it again. Ingo Molnar, instead, simply
reported a bug: when devtmpfs created /dev/null and /dev/zero, it made them
inaccessible to unprivileged accounts. That breaks most applications in the
system, which, Ingo thought, was not entirely desirable.

The devtmpfs developers originally responded that udev should have set the
permissions properly by the time any sort of user-space application was
running. But devtmpfs raises the possibility of running without udev
altogether, at least on relatively simple systems. Linus agreed that this would be a nice possibility,
but noted that it would not work if a small number of special files were
not world-accessible. Setting the permissions properly is not that hard,
but it leads in a direction the devtmpfs developers had not wanted to go:
it puts a certain amount of administrative policy into the kernel.

In the end, though, that is exactly what happened; devtmpfs gained the
ability to query kernel subsystems for default permissions and implement
them in the filesystem. Given that these permissions were Linus's largest
complaint about the whole thing, it now seems likely that devtmpfs has a secure
place in the 2.6.32 kernel.