From: Mehmet Erol Sanliturk <m.e.sanliturk@gmail.com>
To: Andriy Gapon
Cc: FreeBSD Hackers, Andrew Duane, FreeBSD Arch
Date: Fri, 1 Apr 2011 12:55:40 -0400
Subject: Re: looking for error codes
In-Reply-To: <4D95ECDE.1020504@FreeBSD.org>
References: <4D95E162.40605@FreeBSD.org> <4D95ECDE.1020504@FreeBSD.org>
Mailing list: freebsd-arch@freebsd.org
On Fri, Apr 1, 2011 at 11:18 AM, Andriy Gapon wrote:

> on 01/04/2011 18:04 Andrew Duane said the following:
> > AFAIK, FreeBSD does not really detect read-only media. This was something
> > I had to add as a small project here at work, and was considering cleaning
> > up to try to get into CURRENT. If there's a real need for it, I could speed
> > that up.
>
> Yes, that's exactly the problem that I am looking at.
> So if you have anything to share it will be greatly appreciated at least by
> me.
> But I think many more people could benefit from it (e.g. those having
> SD/SDHC/etc cards).
> Thanks!
>
> > ________________________________________
> > From: owner-freebsd-hackers@freebsd.org [owner-freebsd-hackers@freebsd.org] On Behalf Of Warner Losh [imp@bsdimp.com]
> > Sent: Friday, April 01, 2011 10:51 AM
> > To: Andriy Gapon
> > Cc: FreeBSD Hackers; FreeBSD Arch
> > Subject: Re: looking for error codes
> >
> > On Apr 1, 2011, at 8:29 AM, Andriy Gapon wrote:
> >
> >> I am looking for error codes that would unambiguously signal that a disk drive has
> >> readonly or write-protected media and that disk drive has no media at the moment.
> >> I foresee these error codes being used mostly between disk peripheral drivers and
> >> filesystem drivers.
> >>
> >> I will appreciate your suggestions.
> >>
> >> P.S.
> >> I see that Linux uses EROFS and ENOMEDIUM for these purposes.
> >> I am not sure about EROFS in this role.
> >> And we don't have ENOMEDIUM (nor EMEDIUMTYPE).
> >
> > Maybe we could add ENOMEDIA for that (spelled however Linux spells it) after EDAVE.
>
> --
> Andriy Gapon

For a long time I have been thinking about obtaining a physically (not only software) protected FreeBSD edition by re-arranging some parts of it, but I do not know how to do it.
Such an approach requires separation of FreeBSD into two parts: read-only parts and modifiable parts. The core software will be in the read-only part and data files will be in the modifiable parts. This will require a new directory structure and partition scheme.

At this point, I want to mention an approach I previously applied to such a problem. During the 1990s I was managing the computer laboratories of a university department with *DOS systems. Maintenance of software on these computers was impossible due to malicious software. In those days there were MFM hard disks: their controllers were separate from the disks, as add-on cards, and their cables had two lines among others: one is READ from disk, the other is WRITE to disk. I attached rocker switches to the WRITE lines of the controller cables. After installation of software, I disconnected the WRITE line with the rocker switch and supplied the computer for usage. The students were required to boot the computer before beginning to study, to eliminate the possibility of malicious software invading the memory, and to use diskettes for data read-write. The main usage was to connect to the mainframe of the university.

After application of the above protection scheme, the students and others were able to use the computers safely and continuously, without any interruption or harm due to malicious software. Data storage on the local personal computers was not important because of the usability of the mainframe of the university.

After some years, MFM hard disks were abandoned in favor of IDE (Integrated Drive Electronics) hard disks, by moving the controller to the hard disk and eliminating the use of add-on cards, with a very unfortunate design decision: a write-protect mechanism by a switch on the hard disks was not implemented. To my knowledge, none of the operating systems has a facility to separate read-only and modifiable parts.
This makes operating systems very vulnerable targets for wicked persons and malicious attacks. Software protections are not able to prevent this problem because it is impossible to design an error-free software system, especially a very complex system such as an operating system.

Until a few months ago, I had not been able to obtain a physical security policy; then I accidentally studied SDHC cards. The reason for my study was a wish to obtain a cheaper medium for my frequent operating system installations on USB sticks, because USB sticks are much more expensive than hard disks with respect to per-gigabyte cost. SDHC cards have a WRITE-PROTECT mechanism which may be used to protect an operating system physically, IF we can obtain an operating system divisible into two parts: read-only (software and configuration files, user definitions, etc.) and modifiable (data files).

There are Live DVD/CD operating systems, but I do not know whether any one of them has a facility to allow use of an external file system for continuous usability. I have learned of the presence of Puppy Linux from mails:

http://puppylinux.org/main/Overview%20and%20Getting%20Started.htm

Puppy Linux has a WONDERFUL Live CD facility: it uses a RAM disk during its work. At the end of the session, when a shutdown is requested, it asks the user whether the session will be saved or not. If Puppy Linux is recorded onto a DVD and writing to the DVD is NOT closed, it is possible to burn session data incrementally onto the DVD until writing is closed. In that way, it is possible to customize the working of the Live DVD/CD incrementally.

By using such a facility, it is possible to arrange a physically secure operating system:

(1) Install the operating system. Boot it and set its parameters. Write those parameters to its configuration files and close it. Use a DVD-ROM (not DVD Re-Write) drive for absolute protection.
If speed is important and there is no DVD-ROM, use an SDHC card:

(2) Protect it with the write-protect switch of the SDHC card after installation and setting of parameters. For subsequent usage, use other external drives for data processing (read-write) only, without any possibility of loading any executable from them. When it is necessary to perform a secure operation, just boot the computer to clean a possible memory invasion by malicious software.

For the upgrades: use a sterile computer (not connected to external sources, to prevent possible pollution), prepare an upgraded version, write-protect it, and insert it into the production computer which is exposed to the external world, replacing the older version part.

By separating directories onto distinct drives, it is possible to upgrade only a required part as write-protected:

.../user_definitions : Important for installations which have a large number of users, such as schools, and companies with a large number of employees or users of the computer (server).
.../packages :
.../configurations :
.../operating_system :
.../boot_manager :

The following parts may be assigned to modifiable drives:

/home
/var
/tmp
/swap

and possibly others.

As a summary, it is necessary to have:

- a new partition structure with the ability to assign parts to distinct drives referenced by names,
- a distinction between read-only and modifiable parts, where they are assignable to physically different drives referenced by names (not by physically encoded drive numbers with respect to the attached slot of the computer),
- and other related modifications not mentioned here or not recognized at present by me.

I am sorry to present an off-topic subject in this thread, but to obtain such a facility it is necessary to be able to detect the structure of drives and use that structure appropriately.

Thank you very much.

Mehmet Erol Sanliturk
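As an added example (not part of the message above or of FreeBSD), a POSIX sh check that applies the read-only / modifiable split described in the message to an fstab-style layout: /, /usr and /boot stand in for the operating_system, packages, configurations and boot_manager parts and must be mounted ro, while every other mount is a data drive that must carry noexec and nosuid so that nothing executable can be loaded from it. The device names, mount lines and option sets are constructed samples, with a weak layout beside its corrected form.

```shell
# Added example: checks an fstab-style layout against the read-only /
# modifiable split proposed above. Devices, mount points and options are
# constructed samples, not taken from a real FreeBSD installation.
# Weak layout: /tmp is writable but can still load executables.
SAMPLE_WEAK='
/dev/da0p2   /       ufs   ro                 1 1
/dev/da0p3   /usr    ufs   ro                 2 2
/dev/da0p1   /boot   ufs   ro                 2 2
/dev/da1p1   /home   ufs   rw,noexec,nosuid   2 2
/dev/da1p2   /var    ufs   rw,noexec,nosuid   2 2
/dev/da1p3   /tmp    ufs   rw,nosuid          2 2
'
# Corrected layout: every data mount carries both noexec and nosuid.
SAMPLE_FIXED=$(printf '%s\n' "$SAMPLE_WEAK" | sed 's/rw,nosuid /rw,noexec,nosuid/')

# has_opt OPTS NAME: succeeds if NAME is one of the comma-separated OPTS.
has_opt() {
    case ",$1," in
        *,"$2",*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_fstab: reads fstab text on stdin, prints one line per violation and
# returns 1 if any mount breaks the policy, else 0. Policy: /, /usr and /boot
# (standing in for the operating_system, packages, configurations and
# boot_manager parts) must be ro; every other mount is a data drive and must
# carry noexec and nosuid so nothing executable can be loaded from it.
check_fstab() {
    rc=0
    while read -r dev mnt fstype opts rest; do
        case "$dev" in ''|'#'*) continue ;; esac
        case "$mnt" in
            /|/usr|/boot)
                has_opt "$opts" ro || { echo "$mnt: core part must be ro"; rc=1; } ;;
            *)
                has_opt "$opts" noexec || { echo "$mnt: data part lacks noexec"; rc=1; }
                has_opt "$opts" nosuid || { echo "$mnt: data part lacks nosuid"; rc=1; } ;;
        esac
    done
    return $rc
}

# check_text LAYOUT: runs the policy over one fstab text.
check_text() { printf '%s\n' "$1" | check_fstab; }

for layout in "$SAMPLE_WEAK" "$SAMPLE_FIXED"; do
    if check_text "$layout"; then echo "policy ok"; else echo "policy violated"; fi
done
```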