Date:      Thu, 15 Aug 1996 09:36:11 -0500 (CDT)
From:      Joe Greco <jgreco@brasil.moneng.mei.com>
To:        bde@zeta.org.au (Bruce Evans)
Cc:        jgreco@brasil.moneng.mei.com, kpneal@interpath.com, hackers@FreeBSD.org, jkh@time.cdrom.com, ulf@lamb.net
Subject:   Re: Nightmare.
Message-ID:  <199608151436.JAA13614@brasil.moneng.mei.com>
In-Reply-To: <199608142239.IAA07377@godzilla.zeta.org.au> from "Bruce Evans" at Aug 15, 96 08:39:14 am

> No, it is still easy to clobber the disk using an alias.  The whole-disk
> devices (raw and buffered) are the easiest to abuse.  Secure_level = 2
> of course protects you by preventing all writes to disks.

True, very true.

And sometimes there ARE valid reasons to access a mounted file system -
consider things like Sun's horrible installboot.. I suspect tunefs also
plays these games but maybe not anymore.

> Half baked write protection can cause obscure errors.  FreeBSD implements
> write protection of labels (and also conversion of labels as they are
> read and written).  This works right iff the disk is accessed through the
> "right" devices (i.e., through all devices except the whole disk devices).
> Even then it can cause obscure errors:
> 
> (1) dd if=/dev/rsd0c of=/dev/rsd1c count=64k
> (2) dd if=/dev/rsd0c of=/dev/rsd1c
> (3) dd if=/dev/sd0c  of=/dev/sd1c  count=64k  # don't use
> (4) dd if=/dev/sd0c  of=/dev/sd1c             # don't use

I think you mean bs=64k...?  (I assume you do)

> (1) should fail if sd1 is already labeled (unless the write protection
>     is removed using disklabel -W sd1 or equivalent, of course).
>     This is harmless because the copy will abort on the first block
>     before any data is copied.
> (2) should fail in the same cases as (1), but it will abort on the
>     second block after copying the first block.
> (3) should fail in the same cases as (1), but the error won't be 
>     reported to the application so the copy won't be aborted.
>     Everything except the second block will be copied and the error
>     won't be reported by dd.
> (4) is like (3) except the damage is smaller since the second block
>     is smaller.
> 
> The label blocks should be write protected (and converted) at all levels.
> On "i386" systems, the MBR should also be write protected.  Perhaps other
> blocks should be write protected on other systems.  Errors when a write
> protected block is hit after copying several GB would be very annoying.

Oh please tell me about it >:-(

I set up ccd once and managed to make a minor goof and a whole range of
blocks in the middle of my fs became "unusable"... it was particularly
annoying because UNIX assumed that the blocks were written OK but they 
never made it past the FS layers...  leading to all sorts of 
bizarro-ness.

My goof, oh well.

... JG
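
Cases (3) and (4) in the quoted text, and the ccd anecdote, describe writes that are dropped without the copying program seeing an error, so the only way to notice is to read the destination back. The following is an added example, not part of the original message: it compares a source and a destination image sector by sector and reports the ranges that did not land. The function names, the 512-byte sector size and the sample images are assumptions constructed for illustration.

```python
import os
import tempfile

SECTOR = 512  # assumed sector size


def differing_ranges(src_path, dst_path, sector=SECTOR):
    """Return inclusive (first, last) sector ranges where dst differs from src."""
    ranges = []
    index = 0
    with open(src_path, "rb") as src, open(dst_path, "rb") as dst:
        while True:
            a = src.read(sector)
            if not a:
                break
            b = dst.read(len(a))  # a short destination counts as differing
            if a != b:
                if ranges and ranges[-1][1] == index - 1:
                    ranges[-1] = (ranges[-1][0], index)  # extend the current run
                else:
                    ranges.append((index, index))
            index += 1
    return ranges


def demo():
    """Constructed sample: 8 sectors copied, the second one silently dropped."""
    src_data = b"".join(bytes([i + 1]) * SECTOR for i in range(8))
    dst_data = bytearray(8 * SECTOR)  # destination starts zero-filled
    for i in range(8):
        if i == 1:
            continue  # models a protected block: write lost, no error seen
        dst_data[i * SECTOR:(i + 1) * SECTOR] = src_data[i * SECTOR:(i + 1) * SECTOR]
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = os.path.join(tmp, "src.img"), os.path.join(tmp, "dst.img")
        with open(src, "wb") as f:
            f.write(src_data)
        with open(dst, "wb") as f:
            f.write(dst_data)
        return differing_ranges(src, dst)


if __name__ == "__main__":
    for first, last in demo():
        print(f"sectors {first}-{last} differ")
```

Unlike `cmp`, which stops at the first difference unless asked for a byte-by-byte listing, this reports every affected range in one pass.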