So I know /dev contains all the drivers required for mouse, keyboard etc., but can some dangerous malware delete the folder? Or can someone manually delete the folder with sudo?
1 Answer
The directories that SIP (About System Integrity Protection) covers are:
- /System
- /usr
- /bin
- /sbin
- Apps that are pre-installed with OS X
"/dev contains all the drivers required for mouse, keyboard etc."
No. These are device nodes or special files that access the hardware directly.
Device drivers are usually located in the System Library as kexts (Kernel Extensions). See this answer for further details.
"can someone manually delete the folder with sudo?"
Yes, you can delete this folder; however, it should be restored upon reboot because these nodes are dynamically generated as hardware is detected. Under Linux and BSD, the command makedev will regenerate your devices. mknod will do the same for macOS.
From the man page (man mknod):
"The mknod command creates device special files."
So, can malware delete or affect these files? Possibly, but it would be counterproductive because it would need root access to begin with and whatever changes would be temporary at best.

/dev/disk and /dev/rdisk devices), otherwise you could easily bypass restrictions. See https://apple.stackexchange.com/questions/193368/what-is-the-rootless-feature-in-el-capitan-really – user71659 Nov 04 '17 at 18:19

makedev will regenerate your devices. mknod will do the same for macOS." – Actually, on almost all modern Linux distributions, /dev is dynamically managed by udev. Static makedev (or MAKEDEV) scripts haven't existed for over a decade. (Before udev, /dev was sometimes a virtual filesystem called devfs.) Also note that both the udevd daemon as well as the venerable old MAKEDEV scripts, simply call the mknod utility, and the devfs filesystem driver calls the mknod syscall. – Jörg W Mittag Nov 05 '17 at 04:24
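
The answer's point that /dev holds device nodes rather than drivers can be checked by reading each entry's file type and major/minor numbers, which are all a node carries. This is an added example, not code from the original answer or comments; the function names `classify`, `survey` and `regular_files` are hypothetical.

```python
import os
import stat

# Added illustration: function names are hypothetical, not from the page.

def classify(path):
    """Return (kind, major, minor) for a path without opening it."""
    st = os.lstat(path)  # lstat: report a symlink itself, not its target
    mode = st.st_mode
    if stat.S_ISCHR(mode):
        # Character device node: only a type and a driver reference.
        return ("char", os.major(st.st_rdev), os.minor(st.st_rdev))
    if stat.S_ISBLK(mode):
        return ("block", os.major(st.st_rdev), os.minor(st.st_rdev))
    if stat.S_ISDIR(mode):
        return ("dir", None, None)
    if stat.S_ISLNK(mode):
        return ("symlink", None, None)
    if stat.S_ISREG(mode):
        return ("regular", None, None)
    return ("other", None, None)


def survey(root="/dev"):
    """Map each top-level entry under root to its classification."""
    result = {}
    for name in sorted(os.listdir(root)):
        try:
            result[name] = classify(os.path.join(root, name))
        except OSError:
            # Nodes can disappear between listdir() and lstat(),
            # because the directory is populated dynamically.
            continue
    return result


def regular_files(root="/dev"):
    """Names under root that are plain files, i.e. not device nodes."""
    return [n for n, (kind, _, _) in survey(root).items() if kind == "regular"]


if __name__ == "__main__":
    for name, (kind, major, minor) in survey().items():
        numbers = "" if major is None else f" major={major} minor={minor}"
        print(f"{kind:8} {name}{numbers}")
    print("plain files in /dev:", regular_files() or "none")
```

The major number selects the kernel driver and the minor number selects the device instance, so removing a node removes only that reference, not the driver behind it.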