Date:      Thu, 15 Aug 1996 08:39:14 +1000
From:      Bruce Evans <bde@zeta.org.au>
To:        jgreco@brasil.moneng.mei.com, kpneal@interpath.com
Cc:        hackers@FreeBSD.org, jkh@time.cdrom.com, ulf@lamb.net
Subject:   Re: Nightmare.
Message-ID:  <199608142239.IAA07377@godzilla.zeta.org.au>

>>Consider all the programs that could clobber a mounted file system.  Would
>>it make more sense if we somehow protected a mounted disk device from
>>being clobbered?

>Isn't this one of the things that secure_level > 0 protects you from?

>In fact, yes it is. (reference: page 263, 4.4BSD daemon book).

No, it is still easy to clobber the disk using an alias.  The whole-disk
devices (raw and buffered) are the easiest to abuse.  Secure_level = 2
of course protects you by preventing all writes to disks.

Half-baked write protection can cause obscure errors.  FreeBSD implements
write protection of labels (and also conversion of labels as they are
read and written).  This works right iff the disk is accessed through the
"right" devices (i.e., through all devices except the whole disk devices).
Even then it can cause obscure errors:

(1) dd if=/dev/rsd0c of=/dev/rsd1c count=64k
(2) dd if=/dev/rsd0c of=/dev/rsd1c
(3) dd if=/dev/sd0c  of=/dev/sd1c  count=64k  # don't use
(4) dd if=/dev/sd0c  of=/dev/sd1c             # don't use

(1) should fail if sd1 is already labeled (unless the write protection
    is removed using disklabel -W sd1 or equivalent, of course).
    This is harmless because the copy will abort on the first block
    before any data is copied.
(2) should fail in the same cases as (1), but it will abort on the
    second block after copying the first block.
(3) should fail in the same cases as (1), but the error won't be
    reported to the application so the copy won't be aborted.
    Everything except the second block will be copied and the error
    won't be reported by dd.
(4) is like (3) except the damage is smaller since the second block
    is smaller.

The label blocks should be write protected (and converted) at all levels.
On "i386" systems, the MBR should also be write protected.  Perhaps other
blocks should be write protected on other systems.  Errors when a write
protected block is hit after copying several GB would be very annoying.

Bruce



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199608142239.IAA07377>