Port-i386 archive

Re: Please read if you use x86 -current

On Thu, Nov 13, 2008 at 01:50:04PM -0500, der Mouse wrote:
> > A process running as root on _this_ instance of the system is not
> > supposed to be able to alter the state of _future_ instances of the
> > system.
> Doesn't that render upgrading impossible?  (Not that that's relevant to
> the main thread of this discussion.)

No, it requires you to upgrade from single-user mode (that is, at
securelevel 0).  There are various ways to render this non-onerous,
most of which involve signed upgrade images and "upgrade interpreters"
of some kind.

> > In order to use user-space file servers *running as any user*, the
> > user has to allow user access to raw devices.
> You keep repeating this, but repetition won't make it any more correct.

Maybe you keep misunderstanding it.  Or perhaps I keep saying it in a
way that is prone to be misunderstood by you.  See below.

> You have to allow user access to the raw device which is being mounted,
> but you do _not_ have to allow access to anything else.  (Perhaps you
> do at present, but if so that's a problem with the present mechanisms,
> not because it inherently must be so.)

That's exactly what I am saying!  The current code is broken, and there
are several ways to fix it.  But with the current, broken code for
enforcing the security policy, allowing user space filesystem daemons
(ones that have to access raw disks, anyway) basically voids the
no-persistent-compromise guarantee.
