Skip site navigation (1)Skip section navigation (2)
Date:      19 Jan 1998 23:36:56 +0100
From:      Eivind Eklund <perhaps@yes.no>
To:        Paul Traina <pst@juniper.net>
Cc:        Bruce Evans <bde@zeta.org.au>, bde@FreeBSD.ORG, dg@FreeBSD.ORG, hackers@FreeBSD.ORG
Subject:   Re: isdisk() kludge in kernel
Message-ID:  <86u3b05bw7.fsf@bitbox.follo.net>
In-Reply-To: <199801182142.NAA08748@red.juniper.net>
References:  <199801182142.NAA08748@red.juniper.net>

next in thread | previous in thread | raw e-mail | index | archive | help
* Paul Traina
| > >I'd like to propose changing spec_open to simply NEVER allowing the open of
| > >a block device, or character device, if a character device has a block
| > >device associated with it and eliminate isdisk() in kern_conf entirely.
| > 
| > This would break at least backups to SCSI tape devices, since st has both
| > block and character devices, but tapes aren't disks.  Perhaps the broken
| > version is correct - isdisk() really means isasecurityholeifmountable().
| 
| Aha, you're correct, ok, bad idea.

Couldn't this be solved the opposite way?

Default to denying open of character devices with associated block
devices, and a flag to indicate that this device is OK to open in
secure mode?

Generally, default to denying is the only thing that is likely to
create a secure system.

Eivind.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86u3b05bw7.fsf>