"Poul-Henning Kamp" <phk_at_phk.freebsd.dk> writes:

> In message <20041215105326.GO25967_at_ip.net.ua>, Ruslan Ermilov writes:
>
>> Are you saying it's not possible to downgrade the open to
>> (r=1, w=0, e=0) when a file system is downgraded from R/W to R/O?
>
> Yes: that would make a read-only mounted filesystem vulnerable to
> overwriting through the /dev entry and we don't want that.
>
> The problem is that we do not in the kernel know if we are in single
> user mode or not.

What difference does this make? Aren't secure levels or mandatory access
control and similar schemes sufficient to prevent tampering with direct
device access? Why would root not be allowed to nuke a read-only mounted
file system? root has other means to trash a system, including writing
junk into the hardware registers.

On my wishlist, I've always wanted a "networked single user mode"
(i.e. only sshd running, only root login with key possible), and I've
always wondered why the whole system recovery is focused so much on the
principle of a "single-user console".

-- 
Matthias Andree

Received on Wed Dec 15 2004 - 10:09:25 UTC
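The point under discussion is that a filesystem remounted read-only can still be overwritten through its /dev node unless something else (securelevel, MAC) blocks the device write. The following is an added audit check written for this thread, not code from any of the participants: it takes a securelevel value and a mount table in the fstab-style format that `mount -p` prints, and reports each read-only mount on a /dev-backed device as "protected" when the securelevel is at least 1 (init(8) documents that at securelevel 1 the disks of mounted filesystems may not be opened for writing) or "exposed" otherwise. The mount table below is a constructed sample; on a live FreeBSD host you would feed it `"$(sysctl -n kern.securelevel)" "$(mount -p)"` instead.

```shell
#!/bin/sh
# Constructed sample in the format of `mount -p`:
#   device mountpoint fstype options dump pass
SAMPLE_MOUNTS='/dev/ada0p2 / ufs rw 1 1
/dev/ada0p3 /usr ufs ro 2 2
/dev/ada0p4 /var ufs rw,noatime 2 2
devfs /dev devfs rw 0 0'

# audit_ro_mounts SECURELEVEL MOUNT_TABLE
# Prints "DEVICE MOUNTPOINT protected|exposed" for every read-only mount whose
# backing store is a /dev node. Only securelevel >= 1 is treated as shielding
# the device from writes (per init(8)); MAC policies are not considered here.
audit_ro_mounts() {
  level=$1
  table=$2
  printf '%s\n' "$table" | while read -r dev mnt fstype opts rest; do
    # skip pseudo-filesystems (devfs, procfs, ...) that have no /dev backing node
    case "$dev" in /dev/*) ;; *) continue ;; esac
    # options are comma-separated; match "ro" as a whole token only
    case ",$opts," in *,ro,*) ;; *) continue ;; esac
    if [ "$level" -ge 1 ]; then state=protected; else state=exposed; fi
    printf '%s %s %s\n' "$dev" "$mnt" "$state"
  done
}

# Usage with the constructed sample at securelevel 0 (multi-user default on
# many systems) and at securelevel 1.
audit_ro_mounts 0 "$SAMPLE_MOUNTS"
audit_ro_mounts 1 "$SAMPLE_MOUNTS"
```

Only /usr shows up in the report: / and /var are read-write, so a device-level write there is no worse than an ordinary write through the filesystem, and devfs has no /dev node to attack. The "exposed" line is the case phk describes, a read-only mount whose only remaining guard against overwriting through /dev is whatever securelevel or MAC policy the host enforces.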