A privilege escalation flaw in udev

Posted Apr 23, 2009 0:05 UTC (Thu) by jreiser (subscriber, #11027)
In reply to: A privilege escalation flaw in udev by nix
Parent article: A privilege escalation flaw in udev

Can anyone think of a reason why mknod() allows *anyone* to create device nodes outside /dev?

Before there was kernel-level virtualization (vmware, xen, kvm, ...) there were partial virtualization environments which needed devices. If you have a machine with trusted users only and/or global protection, then mknod() can be handy for experiments.