Date: Mon, 29 Aug 2005 16:20:39 +0200 From: Pawel Jakub Dawidek <pjd@FreeBSD.org> To: "Christian S.J. Peron" <csjp@FreeBSD.org> Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, Dario Freni <saturnero@freesbie.org>, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sys/dev/md md.c Message-ID: <20050829142039.GA63415@garage.freebsd.pl> In-Reply-To: <200508170124.j7H1Ou1j047750@repoman.freebsd.org> References: <200508170124.j7H1Ou1j047750@repoman.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Wed, Aug 17, 2005 at 01:24:55AM +0000, Christian S.J. Peron wrote: +> csjp 2005-08-17 01:24:55 UTC +> +> FreeBSD src repository +> +> Modified files: +> sys/dev/md md.c +> Log: +> Ensure that file flags such as schg, sappnd (and others) are honored +> by md(4). Before this change, it was possible to by-pass these flags +> by creating memory disks which used a file as a backing store and +> writing to the device. +> +> This was discussed by the security team, and although this is problematic, +> it was decided that it was not critical as we never guarantee that root will +> be restricted. +> +> This change implements the following behavior changes: +> [...] +> -Do not gracefully downgrade access modes without telling the user. Instead +> make the user specify their intentions for the device (assuming the file is +> read only). This seems like the more correct way to handle things. I don't think so. It already broke some environments (see current@). I think downgrading to read-only when file system is mounted read-only should stay. -- Pawel Jakub Dawidek http://www.wheel.pl pjd@FreeBSD.org http://www.FreeBSD.org FreeBSD committer Am I Evil? Yes, I Am! [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (FreeBSD) iD8DBQFDExm3ForvXbEpPzQRAjzKAKDsIDkJ8TFxYhZaQv8UNBsv5tr1hQCg9B7x H938JOOhYtIJ38rcB9gZ/Cg= =BxIC -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050829142039.GA63415>