Re: [PATCH] Add possibility to set /dev/tty number

From: Austin S. Hemmelgarn
Date: Tue Jan 05 2016 - 10:44:51 EST

Next message: Tejun Heo: "[RFD] cgroup: thread granularity support for cpu controller"
Previous message: Mark Brown: "Re: [PATCH v4 4/5] regulator: add regulator driver of hi655x pmic"
In reply to: Greg KH: "Re: [PATCH] Add possibility to set /dev/tty number"
Next in thread: Greg KH: "Re: [PATCH] Add possibility to set /dev/tty number"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2016-01-05 10:25, Greg KH wrote:

On Tue, Jan 05, 2016 at 09:51:14AM +0100, Pierre Paul MINGOT wrote:

In industrial sector, for obvious security and safety reasons we want
configure our system and have a full control of the devices within it.
So unused or dummy devices are not wanted , not nice to have.
One way to achieve this goal is to have a full picture of the devices
in our system and then identified which type of applications can run
and then safety or security potential risks. Base on this analysis we
can put in place mandatory actions to fix the risks.
An other interest for reduce dummy /dev devices is hot-plug device
creation detection through inotify or udev. Indeed, we can configure
udev or inotify for monitoring the /dev directory and notify watched
dedicated events. lesser the devices in /dev is better the response
is. This aspect is crucial for RTOS with very high time constraint
near of microseconds. It's the case for example for a system with
Linux RT Patch or Xenomai.

I don't understand how reducing the number of vt devices makes anything
more or less secure, or better yet, more responsive. Please provide
specific details showing how this happens.

WRT security, the argument isn't that it makes the system inherently more secure, but that it makes it easier to prove the system is secure because there are fewer unused device nodes in /dev that you need to explain. In a way, it's a different aspect of the argument that reducing the number of VT's makes /dev less cluttered. I don't personally agree with doing hardware auditing via /dev, but that's a separate discussion.

As far as the argument about hot-plug overhead, that is an issue (albeit a very small one) because that's at least 30+ extra uevents for devices that will likely never be used, but it's only an issue during boot unless you're doing crazy stuff with allocating and freeing VT's all the time. My statement in my reply to this particular message still applies though, if you're _that_ timing constrained, you should be using a real RTOS (Linux can do RT, but it's not optimal for it, especially with any of the regularly used userspace implementations).
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Tejun Heo: "[RFD] cgroup: thread granularity support for cpu controller"
Previous message: Mark Brown: "Re: [PATCH v4 4/5] regulator: add regulator driver of hi655x pmic"
In reply to: Greg KH: "Re: [PATCH] Add possibility to set /dev/tty number"
Next in thread: Greg KH: "Re: [PATCH] Add possibility to set /dev/tty number"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]