From: Warren Block
To: Polytropon
Cc: Arthur Chance, FreeBSD Mailing List
Date: Sat, 24 May 2014 10:32:56 -0600 (MDT)
Subject: Re: write-protected usb flash drive

On Sat, 24 May 2014, Polytropon wrote:

> On Sat, 24 May 2014 16:22:59 +0100, Arthur Chance wrote:
>> OK, thought I'd better try my own advice rather than just handing it
>> out. I put a microSD card out of an old phone into a SanDisk mSD -> SD
>> adapter and plugged that into my SanDisk SD -> USB adapter, mounted it
>> (FAT32 file system already on it) and wrote a file to it. Worked as
>> you'd expect. I then unmounted and unplugged it, flipped the write
>> protect switch and tried to remount. Result was
>>
>> mount_msdosfs: /dev/da5s1: Input/output error
>>
>> Mounting it read-only was fine. So, the write protect is honoured by at
>> least some SD -> USB adapters.
>
> This is already on file system level. It _should_ work the same
> at upper layers, for example when using dd to write NULs to the
> device with the write protection on - an error should (correctly)
> occur in that case.
>
> When a r/o mount is forced, the routines accessing that file
> system cannot avoid the write protection. Still writes are
> possible _aside of_ the file system which should be prevented
> by the switch as well. It's probably a good idea to check that
> too, e. g. put in the card with write protection on and then
> try dd or newfs on it.

These are worthwhile tests, but remember that they are done in an
environment where everything is playing by the rules and trying to do
the right thing. The drivers will try to support the write-protect
switch.

Malicious software could use custom or patched drivers to ignore the
settings of the switch or anything else. The card reader
microcontroller might be responsible for the write protect, which would
make it much safer than just being honored by higher-level drivers.
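
Added example, not part of the original message or thread: a non-destructive version of the raw dd test discussed above, which writes sector 0 back onto itself instead of writing NULs. The function name `probe_wp` is hypothetical and the script assumes 512-byte sectors.

```sh
#!/bin/sh
# Added example: non-destructive raw-device write probe (not from the thread).
# Reads sector 0 and writes the same bytes back with dd, below any file
# system, so the medium's contents are unchanged even if the write succeeds.
# Assumption: 512-byte sectors.

# probe_wp TARGET   (TARGET: raw device such as the thread's /dev/da5, or an image)
# returns 0  write accepted: protection is NOT enforced on this path
#         1  write refused: something below dd enforced the protection
#         2  sector could not be read, so nothing was tested
probe_wp() {
    target=$1
    sector=$(mktemp) || return 2
    # Step 1: save sector 0; a short or failed read means no test is possible.
    if ! dd if="$target" of="$sector" bs=512 count=1 2>/dev/null ||
       [ $(wc -c < "$sector") -ne 512 ]; then
        rm -f "$sector"
        return 2
    fi
    # Step 2: write the identical bytes back. conv=notrunc stops dd from
    # truncating TARGET when it is a regular image file.
    if dd if="$sector" of="$target" bs=512 count=1 conv=notrunc 2>/dev/null; then
        result=0
    else
        result=1
    fi
    rm -f "$sector"
    return "$result"
}

# Run the probe when a target is named on the command line.
if [ "$#" -gt 0 ]; then
    if probe_wp "$1"; then
        echo "$1: raw write ACCEPTED, write protection not enforced"
    else
        case $? in
            1) echo "$1: raw write refused" ;;
            *) echo "$1: could not read sector 0, nothing tested" ;;
        esac
    fi
fi
```

A return of 1 shows only that the driver stack in use during the test refused the write, which is the limit the reply above describes.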