Background fsck is broken

Matthias Andree ma at dt.e-technik.uni-dortmund.de
Wed Dec 15 03:09:25 PST 2004


"Poul-Henning Kamp" <phk at phk.freebsd.dk> writes:

> In message <20041215105326.GO25967 at ip.net.ua>, Ruslan Ermilov writes:
>
>>Are you saying it's not possible to downgrade the open to
>>(r=1, w=0, e=0) when a file system is downgraded from R/W to R/O?
>
> Yes: that would make a read-only mounted filesystem vulnerable to
> overwriting through the /dev entry and we don't want that.
>
> The problem is that we do not in the kernel know if we are in single
> user mode or not.

What difference does this make? Aren't secure levels or mandatory access
control and similar schemes sufficient to prevent tampering with direct
device access?

Why would not root be allowed to nuke a read-only mounted file system?
root has other means to trash a system, including writing junk into the
hardware registers.

On my wishlist, I've always wanted a "networked single user mode"
(i.e. only sshd running, only root login with key possible), and I've
always wondered why the whole system recovery is focused so much on the
principle of a "single-user console".

-- 
Matthias Andree

