All of lore.kernel.org
 help / color / mirror / Atom feed
From: "Austin S. Hemmelgarn" <ahferroin7@gmail.com>
To: Greg KH <gregkh@linuxfoundation.org>,
	Pierre Paul MINGOT <mingot.pierre@gmail.com>
Cc: jslaby@suse.cz, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] Add possibility to set /dev/tty number
Date: Tue, 5 Jan 2016 10:43:45 -0500	[thread overview]
Message-ID: <568BE4B1.5040501@gmail.com> (raw)
In-Reply-To: <20160105152547.GC7251@kroah.com>

On 2016-01-05 10:25, Greg KH wrote:
> On Tue, Jan 05, 2016 at 09:51:14AM +0100, Pierre Paul MINGOT wrote:
>> In industrial sector, for obvious security and safety reasons we want
>> configure our system and have a full control of the devices within it.
>> So unused or dummy devices are not wanted , not nice to have.
>>   One way to achieve this goal is to have a full picture of the devices
>> in our system and then identified which type of applications can run
>> and then safety or security potential risks. Base on this analysis we
>> can put in place mandatory actions to fix the risks.
>> An other interest for reduce dummy /dev devices is hot-plug device
>> creation detection through inotify or udev. Indeed, we can configure
>> udev or inotify for monitoring the /dev directory and notify watched
>> dedicated events. lesser the devices in /dev is better the response
>> is. This aspect is crucial for RTOS with very high time constraint
>> near of microseconds. It's the case for example for a system with
>> Linux RT Patch or Xenomai.
>
> I don't understand how reducing the number of vt devices makes anything
> more or less secure, or better yet, more responsive.  Please provide
> specific details showing how this happens.
WRT security, the argument isn't that it makes the system inherently 
more secure, but that it makes it easier to prove the system is secure 
because there are fewer unused device nodes in /dev that you need to 
explain.  In a way, it's a different aspect of the argument that 
reducing the number of VT's makes /dev less cluttered.  I don't 
personally agree with doing hardware auditing via /dev, but that's a 
separate discussion.

As far as the argument about hot-plug overhead, that is an issue (albeit 
a very small one) because that's at least 30+ extra uevents for devices 
that will likely never be used, but it's only an issue during boot 
unless you're doing crazy stuff with allocating and freeing VT's all the 
time.  My statement in my reply to this particular message still applies 
though, if you're _that_ timing constrained, you should be using a real 
RTOS (Linux can do RT, but it's not optimal for it, especially with any 
of the regularly used userspace implementations).

  reply	other threads:[~2016-01-05 15:44 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-01-04 15:34 [PATCH] Add possibility to set /dev/tty number Pierre Paul MINGOT
2016-01-04 15:43 ` Greg KH
2016-01-04 16:57   ` Austin S. Hemmelgarn
2016-01-04 17:11     ` Greg KH
2016-01-04 18:41       ` Austin S. Hemmelgarn
2016-01-04 22:55         ` One Thousand Gnomes
2016-01-05 13:16           ` Austin S. Hemmelgarn
2016-01-05 15:24             ` Greg KH
2016-01-05 15:33               ` Austin S. Hemmelgarn
2016-01-05 16:11             ` Theodore Ts'o
2016-01-05 16:22               ` Austin S. Hemmelgarn
2016-01-05  8:51         ` Pierre Paul MINGOT
2016-01-05 13:02           ` Austin S. Hemmelgarn
2016-01-05 15:25           ` Greg KH
2016-01-05 15:43             ` Austin S. Hemmelgarn [this message]
2016-01-05 16:03               ` Greg KH
2016-01-05 18:38         ` Austin S. Hemmelgarn
2016-01-05 20:47           ` One Thousand Gnomes
2016-01-06 12:42             ` Austin S. Hemmelgarn
2016-01-06 13:54               ` One Thousand Gnomes
2016-01-06 14:07                 ` Austin S. Hemmelgarn
2016-01-06 13:39 ` Austin S. Hemmelgarn

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=568BE4B1.5040501@gmail.com \
    --to=ahferroin7@gmail.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=jslaby@suse.cz \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mingot.pierre@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.