Current-Users archive
Re: Please read if you use x86 -current
>>> Unfortunately, this requires giving user code access to raw disks,
>>> which poses essentially the same set of security risks in the long
>>> term.
>> How exactly did you arrive at that conclusion?
> If user code can overwrite your root filesystem by accessing the
> wrong disk sectors [...]
If "giving...access to raw disks" is an all-or-nothing proposition,
that is, if you can't grant access to one disk without granting access
to all, you're right.
But I see no reason why granting access to (say) sd0* has to also grant
access to wd* or sd1*, or why granting access to sd0e has to also grant
access to sd0[^e]. Certainly using chmod today doesn't do either, and
I can imagine ways (such as passing an already-open fd when the kernel
invokes the handler) which have essentially no risk beyond what is
truly necessary for the filesystem handler to do its job. (There's
still the overlapping-partition question, but there is no way to make
that one go away short of outright forbidding overlapping partitions,
since a mount for write _must_ be able to write to its partition.)
/~\ The ASCII Mouse
\ / Ribbon Campaign
X Against HTML mouse%rodents-montreal.org@localhost
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
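
The already-open-fd idea in the message above, sketched as an added example (not code from the post or from NetBSD): a broker process stands in for the kernel, opens one partition, and passes only that descriptor to a handler over a Unix socket with SCM_RIGHTS. The image files named after sd0e and sd0a are constructed stand-ins for disk partitions, and `send_fd`, `recv_fd`, `handler` and `run_demo` are hypothetical names.

```python
import array, os, socket, tempfile

BLOCK = 512  # constructed sector size for the stand-in images

def send_fd(sock, fd):
    # SCM_RIGHTS duplicates one open descriptor into the receiving process.
    fds = array.array("i", [fd])
    sock.sendmsg([b"F"], [(socket.SOL_SOCKET, socket.SCM_RIGHTS, fds)])

def recv_fd(sock):
    fds = array.array("i")
    _, anc, _, _ = sock.recvmsg(1, socket.CMSG_SPACE(fds.itemsize))
    for level, ctype, data in anc:
        if (level, ctype) == (socket.SOL_SOCKET, socket.SCM_RIGHTS):
            fds.frombytes(data[:fds.itemsize])
            return fds[0]
    raise RuntimeError("no descriptor received")

def handler(sock):
    # Hypothetical filesystem handler: it opens nothing by name and
    # touches only the descriptor it was handed.
    fd = recv_fd(sock)
    os.pwrite(fd, b"SUPERBLK".ljust(BLOCK, b"\0"), 0)
    os.close(fd)

def run_demo():
    # The broker stands in for the kernel: after the fork it opens one
    # "partition" image and passes only that descriptor to the handler.
    with tempfile.TemporaryDirectory() as d:
        granted_path, other_path = (os.path.join(d, n) for n in ("sd0e.img", "sd0a.img"))
        for p in (granted_path, other_path):
            with open(p, "wb") as f:
                f.write(b"\xff" * BLOCK * 2)
        ours, theirs = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
        pid = os.fork()
        if pid == 0:  # child: the handler process
            try:
                handler(theirs)
            except BaseException:
                os._exit(1)
            os._exit(0)
        theirs.close()
        granted = os.open(granted_path, os.O_RDWR)
        send_fd(ours, granted)
        os.close(granted)
        _, status = os.waitpid(pid, 0)
        ours.close()
        with open(granted_path, "rb") as f, open(other_path, "rb") as g:
            return status, f.read(), g.read()
```

In this sketch nothing stops the child from opening the other image by path; the isolation the message describes comes from running the handler without permission on the device nodes, so the passed descriptor is its only route to a disk.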