Date: Thu, 15 Aug 1996 08:39:14 +1000
From: Bruce Evans <bde@zeta.org.au>
To: jgreco@brasil.moneng.mei.com, kpneal@interpath.com
Cc: hackers@FreeBSD.org, jkh@time.cdrom.com, ulf@lamb.net
Subject: Re: Nightmare.
Message-ID: <199608142239.IAA07377@godzilla.zeta.org.au>
>>Consider all the programs that could clobber a mounted file system. Would
>>it make more sense if we somehow protected a mounted disk device from
>>being clobbered?

>Isn't this one of the things that secure_level > 0 protects you from?

>In fact, yes it is. (reference: page 263, 4.4BSD daemon book).

No, it is still easy to clobber the disk using an alias.  The whole-disk
devices (raw and buffered) are the easiest to abuse.  Secure_level = 2 of
course protects you by preventing all writes to disks.

Half-baked write protection can cause obscure errors.  FreeBSD implements
write protection of labels (and also conversion of labels as they are read
and written).  This works right iff the disk is accessed through the
"right" devices (i.e., through all devices except the whole disk devices).
Even then it can cause obscure errors:

(1) dd if=/dev/rsd0c of=/dev/rsd1c count=64k
(2) dd if=/dev/rsd0c of=/dev/rsd1c
(3) dd if=/dev/sd0c of=/dev/sd1c count=64k	# don't use
(4) dd if=/dev/sd0c of=/dev/sd1c		# don't use

(1) should fail if sd1 is already labeled (unless the write protection is
removed using disklabel -W sd1 or equivalent, of course).  This is harmless
because the copy will abort on the first block before any data is copied.

(2) should fail in the same cases as (1), but it will abort on the second
block after copying the first block.

(3) should fail in the same cases as (1), but the error won't be reported
to the application so the copy won't be aborted.  Everything except the
second block will be copied and the error won't be reported by dd.

(4) is like (3) except the damage is smaller since the second block is
smaller.

The label blocks should be write protected (and converted) at all levels.
On "i386" systems, the MBR should also be write protected.  Perhaps other
blocks should be write protected on other systems.  Errors when a write
protected block is hit after copying several GB would be very annoying.

Bruce
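The following is an added illustration, not part of Bruce's message and not FreeBSD kernel code: a small Python model of the four dd runs. It assumes 512-byte sectors, a disklabel in sector 1 (sector 0 being the boot block), 64-sector toy disks, and two block sizes chosen so that the label falls either inside the first block (4 sectors per block) or in the second block (1 sector per block). The raw device returns the write-protect error to the caller synchronously, so the copy aborts; the buffered device accepts the write into a cache, fails the block later at flush time, and only logs the error, so dd finishes with a clean exit status and a stale block on the destination. The names `Disk`, `RawDevice`, `BufferedDevice`, `dd` and `run_case` are all hypothetical.

```python
"""Toy model of write-protected label sectors behind a raw device (the error
reaches dd) versus a buffered block device (dd never sees it). Constructed
example; not FreeBSD code. Assumptions: 512-byte sectors, label in sector 1,
64-sector disks, buffered writes flushed at close()."""
import errno

SECTOR = 512
LABELSECTOR = 1   # assumption: label lives in sector 1, sector 0 is the boot block / MBR
NSECTORS = 64     # toy disk size; a multiple of every block size used below


class Disk:
    """Media plus the label write-protect flag ('disklabel -W' clears it)."""

    def __init__(self, seed, labeled=True):
        # constructed contents: one byte value per sector so copies are easy to check
        self.sectors = [bytes([(n + seed) % 256]) * SECTOR for n in range(NSECTORS)]
        self.labeled = labeled
        self.write_protected = labeled

    def strategy_write(self, first, bufs):
        """Driver-level transfer of consecutive sectors. Like the kernel's label
        check, a transfer overlapping the protected label sector is refused whole."""
        if self.write_protected and first <= LABELSECTOR < first + len(bufs):
            raise OSError(errno.EROFS, "label sector is write protected")
        for i, b in enumerate(bufs):
            self.sectors[first + i] = b


def split(buf):
    return [buf[i:i + SECTOR] for i in range(0, len(buf), SECTOR)]


class RawDevice:
    """/dev/rsd1c: every write() is one synchronous transfer; errors return to the caller."""

    def __init__(self, disk):
        self.disk = disk

    def write(self, offset, buf):
        self.disk.strategy_write(offset // SECTOR, split(buf))

    def close(self):
        pass


class BufferedDevice:
    """/dev/sd1c: write() only dirties buffer-cache blocks and succeeds. The deferred
    writeback happens at close(); a failing block is dropped and the error is only
    logged (as the console would show it), never returned to the application."""

    def __init__(self, disk, blocksize):
        self.disk, self.per_block = disk, blocksize // SECTOR
        self.dirty = {}            # block number -> {sector number: data}
        self.dropped_errors = []   # (block, errno) pairs the application never sees

    def write(self, offset, buf):
        for i, sec in enumerate(split(buf)):
            s = offset // SECTOR + i
            self.dirty.setdefault(s // self.per_block, {})[s] = sec

    def close(self):
        for blk, secs in sorted(self.dirty.items()):
            first = blk * self.per_block
            # read-modify-write: sectors of the block not written keep their old contents
            bufs = [secs.get(s, self.disk.sectors[s]) for s in range(first, first + self.per_block)]
            try:
                self.disk.strategy_write(first, bufs)
            except OSError as e:
                self.dropped_errors.append((blk, e.errno))
        self.dirty.clear()


def dd(src, dev, bs):
    """The dd(1) behaviour that matters here: whole-disk copy, stop at the first
    write error, report how many output records were written and which error."""
    per = bs // SECTOR
    written, err = 0, None
    for n in range(NSECTORS // per):
        try:
            dev.write(n * bs, b"".join(src.sectors[n * per:(n + 1) * per]))
        except OSError as e:
            err = e.errno
            break
        written += 1
    dev.close()
    return written, err


def stale_sectors(src, dst):
    """Destination sectors that still differ from the source after the copy."""
    return [n for n in range(NSECTORS) if src.sectors[n] != dst.sectors[n]]


def run_case(raw, bs, protected=True):
    """Copy a labeled source to a labeled destination through a raw or buffered
    device with block size bs; protected=False models 'disklabel -W' on the target."""
    src, dst = Disk(seed=0), Disk(seed=0x80)
    dst.write_protected = protected
    dev = RawDevice(dst) if raw else BufferedDevice(dst, bs)
    written, err = dd(src, dev, bs)
    dropped = [] if raw else dev.dropped_errors
    return written, err, dropped, stale_sectors(src, dst)


if __name__ == "__main__":
    for raw, bs in [(True, 4 * SECTOR), (True, SECTOR), (False, 4 * SECTOR), (False, SECTOR)]:
        written, err, dropped, stale = run_case(raw, bs)
        print(f"{'raw' if raw else 'buffered':8} bs={bs:5}: records out={written:3} "
              f"dd error={err} dropped={dropped} stale sectors={len(stale)}")
```

Run as a script it prints one line per case: the raw copies abort with an error after zero or one record, while the buffered copies report every record written and no error, leaving four stale sectors with the larger block size and one with the smaller. Clearing the protection flag makes all four variants copy the whole disk cleanly.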