From owner-freebsd-current@FreeBSD.ORG Wed Dec 15 11:09:25 2004
Return-Path:
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5C27A16A4CE; Wed, 15 Dec 2004 11:09:25 +0000 (GMT)
Received: from mail.dt.e-technik.uni-dortmund.de (krusty.dt.e-technik.Uni-Dortmund.DE [129.217.163.1]) by mx1.FreeBSD.org (Postfix) with ESMTP id C8DA943D53; Wed, 15 Dec 2004 11:09:24 +0000 (GMT) (envelope-from ma@dt.e-technik.uni-dortmund.de)
Received: from localhost (localhost [127.0.0.1]) E4A384BE37; Wed, 15 Dec 2004 12:09:23 +0100 (CET)
Received: from mail.dt.e-technik.uni-dortmund.de ([127.0.0.1]) by localhost (krusty [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 28279-06-3; Wed, 15 Dec 2004 12:09:23 +0100 (CET)
Received: from m2a2.dyndns.org (p508EEE1E.dip.t-dialin.net [80.142.238.30]) 29E834BE21; Wed, 15 Dec 2004 12:09:23 +0100 (CET)
Received: from localhost (localhost [127.0.0.1]) by merlin.emma.line.org (Postfix) with ESMTP id 6E57677B93; Wed, 15 Dec 2004 12:09:22 +0100 (CET)
Received: from merlin.emma.line.org ([127.0.0.1]) by localhost (m2a2.dyndns.org [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 03595-07; Wed, 15 Dec 2004 12:09:21 +0100 (CET)
Received: by merlin.emma.line.org (Postfix, from userid 500) id A0F7477B94; Wed, 15 Dec 2004 12:09:21 +0100 (CET)
From: Matthias Andree
To: "Poul-Henning Kamp"
In-Reply-To: <43754.1103108217@critter.freebsd.dk> (Poul-Henning Kamp's message of "Wed, 15 Dec 2004 11:56:57 +0100")
References: <43754.1103108217@critter.freebsd.dk>
Date: Wed, 15 Dec 2004 12:09:21 +0100
Message-ID:
User-Agent: Gnus/5.110003 (No Gnus v0.3) Emacs/21.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Virus-Scanned: by amavisd-new at dt.e-technik.uni-dortmund.de
cc: Ruslan Ermilov
cc: current@FreeBSD.org
Subject: Re: Background fsck is broken
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
X-List-Received-Date: Wed, 15 Dec 2004 11:09:25 -0000

"Poul-Henning Kamp" writes:

> In message <20041215105326.GO25967@ip.net.ua>, Ruslan Ermilov writes:
>
>> Are you saying it's not possible to downgrade the open to
>> (r=1, w=0, e=0) when a file system is downgraded from R/W to R/O?
>
> Yes: that would make a read-only mounted filesystem vulnerable to
> overwriting through the /dev entry and we don't want that.
>
> The problem is that we do not in the kernel know if we are in single
> user mode or not.

What difference does this make? Aren't secure levels or mandatory access control and similar schemes sufficient to prevent tampering with direct device access? Why would root not be allowed to nuke a read-only mounted file system? root has other means to trash a system, including writing junk into the hardware registers.

On my wishlist, I've always wanted a "networked single user mode" (i.e. only sshd running, only root login with key possible), and I've always wondered why the whole system recovery is focused so much on the principle of a "single-user console".

-- 
Matthias Andree