Date: Tue, 20 Jan 1998 17:17:26 +1100 From: Bruce Evans <bde@zeta.org.au> To: perhaps@yes.no, pst@juniper.net Cc: bde@FreeBSD.ORG, bde@zeta.org.au, dg@FreeBSD.ORG, hackers@FreeBSD.ORG Subject: Re: isdisk() kludge in kernel Message-ID: <199801200617.RAA19133@godzilla.zeta.org.au>
next in thread | raw e-mail | index | archive | help
>Couldn't this be solved the opposite way? > >Default to denying open of character devices with associated block >devices, and a flag to indicate that this device is OK to open in >secure mode? > >Generally, default to denying is the only thing that is likely to >create a secure system. I like this, but not for -stable. The disk flag would still be required to support securelevel 1, where the only restrictions on devices are that /dev/*mem and _disks_ for _mounted_ filesystems may not be opened for writing. Better yet, we could have a flag to indicate that the device is OK to open. It is not OK to open a device with an unmaintained driver :-). Bruce
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199801200617.RAA19133>