looking for error codes
Mehmet Erol Sanliturk
m.e.sanliturk at gmail.com
Fri Apr 1 16:55:42 UTC 2011
On Fri, Apr 1, 2011 at 11:18 AM, Andriy Gapon <avg at freebsd.org> wrote:
> on 01/04/2011 18:04 Andrew Duane said the following:
> > AFAIK, FreeBSD does not really detect read-only media. This was something
> > I had to add as a small project here at work, and was considering cleaning
> > up to try to get into CURRENT. If there's a real need for it, I could speed
> > that up.
> Yes, that's exactly the problem that I am looking at.
> So if you have anything to share it will be greatly appreciated at least by
> But I think many more people could benefit from it (e.g. those having
> > ________________________________________
> > From: owner-freebsd-hackers at freebsd.org [owner-freebsd-hackers at freebsd.org] On Behalf Of Warner Losh [imp at bsdimp.com]
> > Sent: Friday, April 01, 2011 10:51 AM
> > To: Andriy Gapon
> > Cc: FreeBSD Hackers; FreeBSD Arch
> > Subject: Re: looking for error codes
> > On Apr 1, 2011, at 8:29 AM, Andriy Gapon wrote:
> >> I am looking for error codes that would unambiguously signal that a disk drive has
> >> readonly or write-protected media and that disk drive has no media at the moment.
> >> I foresee these error codes being used mostly between disk peripheral drivers and
> >> filesystem drivers.
> >> I will appreciate your suggestions.
> >> P.S.
> >> I see that Linux uses EROFS and ENOMEDIUM for these purposes.
> >> I am not sure about EROFS in this role.
> >> And we don't have ENOMEDIUM (nor EMEDIUMTYPE).
> > Maybe we could add ENOMEDIA for that (spelled however Linux spells it) after EDAVE.
> Andriy Gapon
For a long time I have been thinking of obtaining a physically (not only software)
based FreeBSD edition by re-arranging some parts of it, but I do not know
how to do it. Such an approach requires separation of FreeBSD into two
parts: read-only parts and modifiable parts. The core software will be in
the read-only part and data files will be in modifiable parts. This will
require a new directory structure and partition scheme.
At that point, I want to mention my previously applied approach to such a
During the 1990s I was managing the computer laboratories of a university
department having *DOS systems.
Maintenance of software on these computers was impossible due to malicious
software. In those days, there were MFM hard disks: their controllers
were separate from their disks as add-on cards, and their cables had two
lines among others: one is READ from disk, another WRITE to disk. I
attached rocker switches to the WRITE lines of the controller cables. After
installation of software, I would disconnect the WRITE line rocker switch and
supply the computer for usage.
The students were required to boot the computer, to eliminate the possibility of
malicious software invasion of the memory, before beginning to study, and to
use diskettes for data read-write. The main usage was to connect to the
mainframe of the university.
After application of the above protection scheme, the students and others
were able to use the computers safely and continuously without any
interruption or harm due to malicious software. Data storage on the local
personal computers was not important because of the usability of the mainframe of
the university.
After some years, MFM hard disks were abandoned in favor of IDE (Integrated
Drive Electronics) hard disks by moving the controller to the hard disk and
eliminating the use of add-on cards, with a very unfortunate design decision as (
a write protect mechanism by a switch on the hard disks is not implemented
To my knowledge, none of the operating systems has a
facility to separate read-only and modifiable parts. This feature is making
operating systems very vulnerable targets for wicked persons for malicious
attacks. Software protections are not able to prevent this problem because
it is impossible to design an error-free software system, especially a very
complex system such as an operating system.
Up to a few months ago, I was not able to obtain a physical
security policy, when I accidentally studied SDHC cards. The reason for my study
was a wish to obtain a cheaper medium for my frequent operating system
installations on USB sticks, because USB sticks are much more expensive than
hard disks with respect to per-gigabyte cost. SDHC cards have a
WRITE-PROTECT mechanism which may be used to protect an operating system
physically, IF we can obtain an operating system divisible into two parts
as read-only (software and configuration files, user definitions, etc.)
and modifiable (data files).
There are Live DVD/CD operating systems, but I do not know that any one of
them has a facility to allow the use of an external file system for
continuous usability. I have learned of the presence of Puppy Linux from
Puppy Linux has a WONDERFUL Live CD facility: it uses a RAM disk while
it is working. At the end of the session, when a shutdown is requested, it
asks the user whether the session will be saved or not. If Puppy Linux
is recorded onto a DVD and writing to the DVD is NOT closed, it is possible to
burn session data incrementally onto the DVD up to the closing of writing. In
that way, it is possible to customize the working of the Live DVD/CD
By using such a facility, it is possible to rearrange a physically secure
operating system:
(1) Install the operating system. Boot it and set its parameters. Write
those parameters to its configuration files and close it. Use a DVD-ROM (
not DVD Re-Write) drive for absolute protection.
If speed is important and there is no DVD-ROM, use an SDHC card:
(2) Protect it by the write protect switch on SDHC cards after installation
and setting parameters.
For subsequent usages, use other external drives for data processing (read
- write) only, without any possibility of loading any executable from them.
When it is necessary to perform a secure operation, just boot the computer
to clean the possible memory invasion of malicious software.
For the upgrades: use a sterile computer (one not connected to external
sources, to prevent possible pollution), prepare an upgraded version,
write-protect it, and insert it into the production computer which is exposed to
the external world, replacing the older version part.
By separating directories into distinct drives, it is possible to upgrade
only a required part as write protected:
.../user_definitions : Important for installations which have a large
number of users such as schools, and companies with a large number of
employees or users of the computer (server).
The following parts may be assigned to modifiable drives:
and possible others.
As a summary:
It is necessary to have
- A new partition structure with the ability to assign parts to distinct
drives referenced by names,
- Distinction between read-only and modifiable parts where they are
assignable to physically different drives referenced by names
(not by physically encoded drive numbers with respect to the attached slot of
the computer),
- and other related modifications not mentioned here or not recognized at
present by me.
I am sorry to present an off-topic subject into this thread, but to obtain
such a facility, it is necessary to be able to detect the structure of drives
and use that structure appropriately.
Thank you very much.
Mehmet Erol Sanliturk
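
One way to audit the read-only / modifiable split described in the message above on a running system, as an added example that is not part of the original post: the script reads an fstab-format mount table (the format FreeBSD's `mount -p` prints) and reports system parts not mounted `ro` and modifiable parts mounted without `noexec`. The `RO_MOUNTS` policy list, the function names and the sample table are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an fstab-format mount table against a read-only /
# modifiable split. RO_MOUNTS is a hypothetical policy, not from the post.
RO_MOUNTS="/ /usr"

# Constructed sample table: device, mount point, fstype, options, dump, pass.
sample_table() {
    cat <<'EOF'
# constructed sample
/dev/da0s1a  /      ufs    ro          0 0
/dev/da0s1d  /usr   ufs    rw          0 0
/dev/da1s1   /data  ufs    rw,noexec   0 0
/dev/da2s1   /home  ufs    rw,nosuid   0 0
devfs        /dev   devfs  rw          0 0
EOF
}

# Reads a mount table on stdin and prints one line per violation.
audit_mounts() {
    awk -v ro_list="$RO_MOUNTS" '
    BEGIN { n = split(ro_list, a, " "); for (i = 1; i <= n; i++) must_ro[a[i]] = 1 }
    NF == 0 || $1 ~ /^#/ { next }            # skip blank lines and comments
    $3 == "devfs" || $3 == "procfs" { next } # kernel pseudo filesystems
    {
        mp = $2
        split("", opt)                       # clear the option set
        m = split($4, o, ",")
        for (i = 1; i <= m; i++) opt[o[i]] = 1
        seen[mp] = 1
        if (mp in must_ro) {
            if (!("ro" in opt))
                print "VIOLATION " mp ": system part is not mounted ro"
        } else if (!("ro" in opt) && !("noexec" in opt)) {
            print "VIOLATION " mp ": modifiable part lacks noexec"
        }
    }
    END {
        for (mp in must_ro)
            if (!(mp in seen))
                print "VIOLATION " mp ": expected system part is not mounted"
    }'
}

# Demo on the constructed table; on a live system: mount -p | audit_mounts
sample_table | audit_mounts
```

The check reports what the kernel actually mounted, so it also catches a system part that was remounted read-write after boot.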