/dev/zero can be used for a variety of things. It contains no sensitive
information (only binary zeroes :) and hence conceptually its access should
not be restricted.
There are a lot of other denial-of-service attacks that users can employ on
Linux. If there's any interest in reducing the effectiveness of
denial-of-service attacks (and improving Linux's handling of
resource-exhaustion situations) that might be a better approach than simply
denying access to this device.
It's also not hard thwart fix this sort of denial-of-service attack;
just put in code to periodically check to see if need_resched is true,
and call schedule() to yield control of the process. You should also
check to see if a signal has been posted, and exit appropriately:
if (need_resched)
schedule();
if (current->signal & ~current->blocked)
return (bytes_written ? bytes_written : -ERESTARTSYS);
Any kernel system call which might be long-lived should definitely be
doing something like this, just for robustness's sake.
- Ted