In message <m33by7zula.fsf_at_merlin.emma.line.org>, Matthias Andree writes: >"Poul-Henning Kamp" <phk_at_phk.freebsd.dk> writes: > >> In message <20041215105326.GO25967_at_ip.net.ua>, Ruslan Ermilov writes: >> >>>Are you saying it's not possible to downgrade the open to >>>(r=1, w=0, e=0) when a file system is downgraded from R/W to R/O? >> >> Yes: that would make a read-only mounted filesystem vulnerable to >> overwriting through the /dev entry and we don't want that. >> >> The problem is that we do not in the kernel know if we are in single >> user mode or not. > >What difference does this make? Aren't secure levels or mandatory access >control and similar schemes sufficient to prevent tampering with direct >device access? No. >Why would not root be allowed to nuke a read-only mounted file system? >root has other means to trash a system, including writing junk into the >hardware registers. Just because root can go out of his way to do something stupid doesn't mean that we should make it easier to make an honest mistake. >On my wishlist, I've always wanted a "networked single user mode" >(i. e. only sshd running, only root login with key possible), and I've >always wondered why the whole system recovery is focused so much on the >principle of a "single-user console". Implement it! I've wanted that for a long time too. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk_at_FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.Received on Wed Dec 15 2004 - 10:18:41 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:24 UTC