From owner-freebsd-hackers Mon Jan 19 22:22:51 1998
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id WAA07011 for hackers-outgoing; Mon, 19 Jan 1998 22:22:51 -0800 (PST) (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.2.228.19]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id WAA06888; Mon, 19 Jan 1998 22:20:23 -0800 (PST) (envelope-from bde@godzilla.zeta.org.au)
Received: (from bde@localhost) by godzilla.zeta.org.au (8.8.7/8.8.7) id RAA19133; Tue, 20 Jan 1998 17:17:26 +1100
Date: Tue, 20 Jan 1998 17:17:26 +1100
From: Bruce Evans
Message-Id: <199801200617.RAA19133@godzilla.zeta.org.au>
To: perhaps@yes.no, pst@juniper.net
Subject: Re: isdisk() kludge in kernel
Cc: bde@FreeBSD.ORG, bde@zeta.org.au, dg@FreeBSD.ORG, hackers@FreeBSD.ORG
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk

>Couldn't this be solved the opposite way?
>
>Default to denying open of character devices with associated block
>devices, and a flag to indicate that this device is OK to open in
>secure mode?
>
>Generally, default to denying is the only thing that is likely to
>create a secure system.

I like this, but not for -stable.  The disk flag would still be required
to support securelevel 1, where the only restrictions on devices are
that /dev/*mem and _disks_ for _mounted_ filesystems may not be opened
for writing.

Better yet, we could have a flag to indicate that the device is OK to
open.  It is not OK to open a device with an unmaintained driver :-).

Bruce
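As an added illustration, not code from this thread or from the FreeBSD kernel, the two policies under discussion modelled as plain C decision functions: the securelevel-1 rule Bruce describes (only /dev/*mem and disks backing mounted filesystems are refused for writing) next to the quoted default-deny proposal with an explicit allow flag. The device flags, the `devmodel` struct and the sample devices are constructed for this example; the default-deny variant is restricted to write opens here so the two rules compare like for like, which is an assumption.

```c
#include <errno.h>
#include <stdbool.h>

/* Constructed flags for this illustration; not FreeBSD's real D_* values. */
#define DF_MEM     0x01   /* /dev/mem, /dev/kmem and friends */
#define DF_DISK    0x02   /* the "disk flag" the thread refers to */
#define DF_OKOPEN  0x04   /* the proposed "OK to open in secure mode" flag */

#define OPEN_WRITE 0x02   /* caller asks for write access */

struct devmodel {
    const char *name;
    unsigned flags;
    bool has_blockdev;       /* character device with an associated block device */
    bool backs_mounted_fs;   /* disk currently holding a mounted filesystem */
};

/* Securelevel-1 rule as stated in the reply: at securelevel >= 1 only
 * /dev/*mem and disks backing mounted filesystems are refused for writing.
 * Returns 0 if the open is permitted, EPERM if it is refused. */
int open_check_level1(const struct devmodel *d, int oflags, int securelevel)
{
    if (securelevel < 1 || !(oflags & OPEN_WRITE))
        return 0;
    if (d->flags & DF_MEM)
        return EPERM;
    if ((d->flags & DF_DISK) && d->backs_mounted_fs)
        return EPERM;
    return 0;
}

/* Default-deny variant from the quoted proposal: at securelevel >= 1 every
 * character device with an associated block device is refused unless it
 * carries the explicit allow flag. Note that it cannot tell a mounted disk
 * from an unmounted one, which is why the disk flag is still needed for
 * level 1 (an unmounted spare disk is refused here but allowed above). */
int open_check_default_deny(const struct devmodel *d, int oflags, int securelevel)
{
    if (securelevel < 1 || !(oflags & OPEN_WRITE))
        return 0;
    if (d->has_blockdev && !(d->flags & DF_OKOPEN))
        return EPERM;
    return 0;
}
```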