<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">[ Off topic for OpenSSL... ]</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">On 1/7/2019 8:06 AM, Jakob Bohm via
openssl-users wrote:<br>
</div>
<blockquote type="cite"
cite="mid:f3ca663e-dbd1-4dcb-46a5-305fb9091576@wisemo.com">A
chroot with no other reason to open /dev/null should not contain
that file name, even on unix-like platforms (least privilege chroot
design).
</blockquote>
<p>There's always a first reason :-)</p>
<p>But also: /dev/null is part of the <a moz-do-not-send="true"
href="http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap10.html#tag_10_01">definition
of UNIX</a>. Programs have every right to expect that it will
be there. Yes, you can build a chroot environment that doesn't
include it... but then you can't complain when programs don't work
in your environment. You can also build an environment that
doesn't include system libraries, and there are reasons to do so,
but few programs will work in it.</p>
<p>Looking at Solaris, about 15% of the programs in /usr/bin and 5%
of the libraries in /usr/lib have a reference to /dev/null.<br>
</p>
<pre class="moz-signature" cols="72">--
Jordan Brown, Oracle Solaris</pre>
</body>
</html>