From owner-cvs-src@FreeBSD.ORG Mon Aug 29 14:21:23 2005 Return-Path: X-Original-To: cvs-src@FreeBSD.org Delivered-To: cvs-src@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1104A16A41F; Mon, 29 Aug 2005 14:21:23 +0000 (GMT) (envelope-from pjd@garage.freebsd.pl) Received: from mail.garage.freebsd.pl (arm132.internetdsl.tpnet.pl [83.17.198.132]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8622643D8F; Mon, 29 Aug 2005 14:21:15 +0000 (GMT) (envelope-from pjd@garage.freebsd.pl) Received: by mail.garage.freebsd.pl (Postfix, from userid 65534) id A90AD52C19; Mon, 29 Aug 2005 16:21:13 +0200 (CEST) Received: from localhost (pjd.wheel.pl [10.0.1.1]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.garage.freebsd.pl (Postfix) with ESMTP id E0ABA52BC5; Mon, 29 Aug 2005 16:21:05 +0200 (CEST) Date: Mon, 29 Aug 2005 16:20:39 +0200 From: Pawel Jakub Dawidek To: "Christian S.J. Peron" Message-ID: <20050829142039.GA63415@garage.freebsd.pl> References: <200508170124.j7H1Ou1j047750@repoman.freebsd.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="oyUTqETQ0mS9luUI" Content-Disposition: inline In-Reply-To: <200508170124.j7H1Ou1j047750@repoman.freebsd.org> X-PGP-Key-URL: http://people.freebsd.org/~pjd/pjd.asc X-OS: FreeBSD 7.0-CURRENT i386 User-Agent: mutt-ng devel (FreeBSD) X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on mail.garage.freebsd.pl X-Spam-Level: X-Spam-Status: No, score=-5.9 required=3.0 tests=ALL_TRUSTED,BAYES_00 autolearn=ham version=3.0.4 Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, Dario Freni , cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sys/dev/md md.c X-BeenThere: cvs-src@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: CVS commit messages for the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 29 Aug 2005 14:21:23 -0000 --oyUTqETQ0mS9luUI Content-Type: text/plain; charset=iso-8859-2 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Aug 17, 2005 at 01:24:55AM +0000, Christian S.J. Peron wrote: +> csjp 2005-08-17 01:24:55 UTC +>=20 +> FreeBSD src repository +>=20 +> Modified files: +> sys/dev/md md.c=20 +> Log: +> Ensure that file flags such as schg, sappnd (and others) are honored +> by md(4). Before this change, it was possible to by-pass these flags +> by creating memory disks which used a file as a backing store and +> writing to the device. +> =20 +> This was discussed by the security team, and although this is problema= tic, +> it was decided that it was not critical as we never guarantee that roo= t will +> be restricted. +> =20 +> This change implements the following behavior changes: +> =20 [...] +> -Do not gracefully downgrade access modes without telling the user. In= stead +> make the user specify their intentions for the device (assuming the f= ile is +> read only). This seems like the more correct way to handle things. I don't think so. It already broke some environments (see current@). I think downgrading to read-only when file system is mounted read-only should stay. --=20 Pawel Jakub Dawidek http://www.wheel.pl pjd@FreeBSD.org http://www.FreeBSD.org FreeBSD committer Am I Evil? Yes, I Am! --oyUTqETQ0mS9luUI Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (FreeBSD) iD8DBQFDExm3ForvXbEpPzQRAjzKAKDsIDkJ8TFxYhZaQv8UNBsv5tr1hQCg9B7x H938JOOhYtIJ38rcB9gZ/Cg= =BxIC -----END PGP SIGNATURE----- --oyUTqETQ0mS9luUI--