Date: 19 Jan 1998 23:36:56 +0100 From: Eivind Eklund <perhaps@yes.no> To: Paul Traina <pst@juniper.net> Cc: Bruce Evans <bde@zeta.org.au>, bde@FreeBSD.ORG, dg@FreeBSD.ORG, hackers@FreeBSD.ORG Subject: Re: isdisk() kludge in kernel Message-ID: <86u3b05bw7.fsf@bitbox.follo.net> In-Reply-To: <199801182142.NAA08748@red.juniper.net> References: <199801182142.NAA08748@red.juniper.net>
next in thread | previous in thread | raw e-mail | index | archive | help
* Paul Traina | > >I'd like to propose changing spec_open to simply NEVER allowing the open of | > >a block device, or character device, if a character device has a block | > >device associated with it and eliminate isdisk() in kern_conf entirely. | > | > This would break at least backups to SCSI tape devices, since st has both | > block and character devices, but tapes aren't disks. Perhaps the broken | > version is correct - isdisk() really means isasecurityholeifmountable(). | | Aha, you're correct, ok, bad idea. Couldn't this be solved the opposite way? Default to denying open of character devices with associated block devices, and a flag to indicate that this device is OK to open in secure mode? Generally, default to denying is the only thing that is likely to create a secure system. Eivind.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86u3b05bw7.fsf>