Date: Fri, 1 Apr 2011 12:55:40 -0400
From: Mehmet Erol Sanliturk <m.e.sanliturk@gmail.com>
To: Andriy Gapon <avg@freebsd.org>
Cc: FreeBSD Hackers <freebsd-hackers@freebsd.org>, Andrew Duane <aduane@juniper.net>, FreeBSD Arch <freebsd-arch@freebsd.org>
Subject: Re: looking for error codes
Message-ID: <BANLkTik_ypKnZPn1TXT6LwNH%2BX1tO2eu0w@mail.gmail.com>
In-Reply-To: <4D95ECDE.1020504@FreeBSD.org>
References: <4D95E162.40605@FreeBSD.org> <F98114A0-0C00-46EF-BD0C-E48F97FFF3E1@bsdimp.com> <AC6674AB7BC78549BB231821ABF7A9AEB52F1950BB@EMBX01-WF.jnpr.net> <4D95ECDE.1020504@FreeBSD.org>

On Fri, Apr 1, 2011 at 11:18 AM, Andriy Gapon <avg@freebsd.org> wrote:

> on 01/04/2011 18:04 Andrew Duane said the following:
> > AFAIK, FreeBSD does not really detect read-only media. This was something
> > I had to add as a small project here at work, and was considering cleaning
> > up to try to get into CURRENT. If there's a real need for it, I could speed
> > that up.
> >
>
> Yes, that's exactly the problem that I am looking at.
> So if you have anything to share it will be greatly appreciated at least by me.
> But I think many more people could benefit from it (e.g. those having
> SD/SDHC/etc cards).
> Thanks!
>
> > ________________________________________
> > From: owner-freebsd-hackers@freebsd.org [owner-freebsd-hackers@freebsd.org]
> > On Behalf Of Warner Losh [imp@bsdimp.com]
> > Sent: Friday, April 01, 2011 10:51 AM
> > To: Andriy Gapon
> > Cc: FreeBSD Hackers; FreeBSD Arch
> > Subject: Re: looking for error codes
> >
> > On Apr 1, 2011, at 8:29 AM, Andriy Gapon wrote:
> >
> >>
> >> I am looking for error codes that would unambiguously signal that a disk
> >> drive has readonly or write-protected media and that disk drive has no
> >> media at the moment.
> >> I foresee these error codes being used mostly between disk peripheral
> >> drivers and filesystem drivers.
> >>
> >> I will appreciate your suggestions.
> >>
> >> P.S.
> >> I see that Linux uses EROFS and ENOMEDIUM for these purposes.
> >> I am not sure about EROFS in this role.
> >> And we don't have ENOMEDIUM (nor EMEDIUMTYPE).
> >
> > Maybe we could add ENOMEDIA for that (spelled however Linux spells it)
> > after EDAVE.
>
> --
> Andriy Gapon
>

For a long time I have been thinking about obtaining a physically (not only software) based FreeBSD edition by re-arranging some parts of it, but I do not know how to do it. Such an approach requires separation of FreeBSD into two parts: read-only parts and modifiable parts.
The core software will be in the read-only part and data files will be in the modifiable parts. This will require a new directory structure and partition scheme.

At this point, I want to mention an approach I previously applied to such a problem.

During the 1990s I was managing the computer laboratories of a university department that had *DOS systems. Maintenance of software on these computers was impossible due to malicious software. In those days, there were MFM hard disks: their controllers were separate from the disks, as add-on cards, and their cables had two lines among others: one READ from disk, the other WRITE to disk. I attached rocker switches to the WRITE lines of the controller cables. After installing the software, I would disconnect the WRITE line with the rocker switch and hand the computer over for use. The students were required to boot the computer, to eliminate the possibility of malicious software having invaded memory, before beginning to study, and to use diskettes for reading and writing data. The main usage was to connect to the mainframe of the university.

After the above protection scheme was applied, the students and others were able to use the computers safely and continuously without any interruption or harm due to malicious software. Data storage on the local personal computers was not important because the mainframe of the university could be used.

After some years, MFM hard disks were abandoned in favor of IDE (Integrated Drive Electronics) hard disks, which moved the controller onto the hard disk and eliminated the add-on cards, with a very unfortunate design decision: a write-protect mechanism by a switch on the hard disk was not implemented.

To my knowledge, none of the operating systems has a facility to separate read-only and modifiable parts. This makes operating systems very vulnerable targets for malicious attacks by wicked persons.
Software protections are not able to prevent this problem because it is impossible to design an error-free software system, especially a very complex system such as an operating system.

Until a few months ago, I was not able to obtain a physical security policy, when I accidentally studied SDHC cards. The reason for my study was a wish to obtain a cheaper medium for my frequent operating system installations on USB sticks, because USB sticks are much more expensive than hard disks with respect to per-gigabyte cost.

SDHC cards have a WRITE-PROTECT mechanism which may be used to protect an operating system physically, IF we can obtain an operating system divisible into two parts: read-only (software and configuration files, user definitions, etc.) and modifiable (data files).

There are Live DVD/CD operating systems, but I do not know of any that has a facility to allow the use of an external file system for continuous usability.

I have learned of the existence of Puppy Linux from mails:

http://puppylinux.org/main/Overview%20and%20Getting%20Started.htm

Puppy Linux has a WONDERFUL Live CD facility: it uses a RAM disk while it is working. At the end of the session, when a shutdown is requested, it asks the user whether the session will be saved or not. If Puppy Linux is recorded onto a DVD and writing to the DVD is NOT closed, it is possible to burn session data incrementally onto the DVD until writing is closed. In that way, it is possible to customize the working of the Live DVD/CD incrementally.

By using such a facility, it is possible to rearrange a physically secure operating system:

(1) Install the operating system. Boot it and set its parameters. Write those parameters to its configuration files and close it. Use a DVD-ROM (not DVD Re-Write) drive for absolute protection.
If speed is important and there is no DVD-ROM, use an SDHC card:

(2) Protect it with the write-protect switch on the SDHC card after installation and setting parameters.

For subsequent usage, use other external drives for data processing (read-write) only, without any possibility of loading any executable from them.

When it is necessary to perform a secure operation, just boot the computer to clean out any possible memory invasion by malicious software.

For the upgrades: use a sterile computer (one not connected to external sources, to prevent possible pollution), prepare an upgraded version, write-protect it, and insert it into the production computer which is exposed to the external world, replacing the older version of that part.

By separating directories into distinct drives, it is possible to upgrade only a required part as write-protected:

.../user_definitions : Important for installations which have a large number of users, such as schools and companies with a large number of employees or users of the computer (server).
.../packages :
.../configurations :
.../operating_system :
.../boot_manager :

The following parts may be assigned to modifiable drives:

/home
/var
/tmp
/swap

and possibly others.

In summary, it is necessary to have

- a new partition structure with the ability to assign parts to distinct drives referenced by names,
- a distinction between read-only and modifiable parts, where they are assignable to physically different drives referenced by names (not by physically encoded drive numbers with respect to the attached slot of the computer),
- and other related modifications not mentioned here or not recognized at present by me.

I am sorry to bring an off-topic subject into this thread, but to obtain such a facility, it is necessary to be able to detect the structure of drives and use that structure appropriately.

Thank you very much.

Mehmet Erol Sanliturk
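
Added example, not part of the original message and not FreeBSD code: a small audit of a mount table in fstab(5) format (as printed by FreeBSD `mount -p`) against the split proposed above, with core parts mounted `ro` and data parts mounted `noexec`. The mapping of the message's parts onto `/` and `/usr/local`, and the sample table, are assumptions constructed for illustration.

```python
# Constructed sample in fstab(5) format: device, mount point, type, options, dump, pass.
SAMPLE = """\
# device      mountpoint   type  options          dump pass
/dev/da0s1a   /            ufs   ro               1 1
/dev/da0s1d   /usr/local   ufs   rw               2 2
/dev/ada0p1   /home        ufs   rw,noexec,nosuid 2 2
/dev/ada0p2   /var         ufs   rw               2 2
tmpfs         /tmp         tmpfs rw,noexec        0 0
"""

# Assumed (hypothetical) mapping of the message's layout onto mount points.
READ_ONLY = {"/", "/usr/local"}        # operating system, packages
DATA_ONLY = {"/home", "/var", "/tmp"}  # modifiable parts named in the message


def parse_mounts(text):
    """Yield (mountpoint, set_of_options) for each non-comment entry."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 4:
            yield fields[1], set(fields[3].split(","))


def audit(text):
    """Return a sorted list of (mountpoint, problem) policy violations."""
    seen, findings = set(), []
    for mnt, opts in parse_mounts(text):
        seen.add(mnt)
        if mnt in READ_ONLY and "ro" not in opts:
            findings.append((mnt, "core part is writable"))
        if mnt in DATA_ONLY and "noexec" not in opts:
            findings.append((mnt, "data part allows executables"))
    # A part that shares a file system with another cannot be protected alone.
    for mnt in (READ_ONLY | DATA_ONLY) - seen:
        findings.append((mnt, "not a separate mount"))
    return sorted(findings)


if __name__ == "__main__":
    for mnt, problem in audit(SAMPLE):
        print(f"{mnt}: {problem}")
```

The `ro` option checked here is a software mount flag; it does not show whether the medium itself is physically write-protected, which is the property the message relies on.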