Subject: Re: wedges vs. not-quite-wedges, was > 1T filesystems, disklabels, etc
To: None <tls@rek.tjls.com>
From: Nathan J. Williams <nathanw@wasabisystems.com>
List: tech-kern
Date: 12/19/2002 19:05:30
Thor Lancelot Simon <tls@rek.tjls.com> writes:

> Indeed, I'm quite concerned about the security implications of this.  With
> the kernel implementation, userland doesn't have to be able to alter
> partition tables at securelevel > 0 in order for new disks that suddenly
> appear to have their partitions found.  With the proposed split
> implementation, it does -- and thus all of the protection against using
> mounted partitions is lost, because a userland application can simply
> adjust the partition table to be able to write wherever on the disk it
> cares to.

Isn't this handlable by entirely preventing overlapping ranges in the
loaded-by-userland partitions, or at least denying the creation of new
ranges that overlap a currently-mounted one?

        - Nathan
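
The check suggested in the reply above, sketched as an added example (not part of the original message and not NetBSD kernel code): the kernel validates each userland-supplied range and refuses it under either of the two policies named. The structure and function names, the table size and the errno choices are all assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

#define MAXPART 16                  /* assumed table size */

struct prange {                     /* hypothetical, not a NetBSD structure */
    uint64_t start;                 /* first sector */
    uint64_t len;                   /* length in sectors, always > 0 */
    int      mounted;               /* nonzero while a file system is mounted */
};

struct ptable { struct prange p[MAXPART]; size_t n; };
enum policy { DENY_ANY_OVERLAP, DENY_MOUNTED_OVERLAP };

/* Half-open [start, start+len) ranges; both were validated against wraparound. */
static int overlaps(const struct prange *a, uint64_t start, uint64_t len)
{
    return start < a->start + a->len && a->start < start + len;
}

/*
 * Validate and add a range requested by userland.
 * Returns 0, EINVAL (empty, wraps, or past end of disk),
 * EBUSY (overlap refused by policy) or ENOSPC (table full).
 */
int ptable_add(struct ptable *t, uint64_t disksize, uint64_t start,
               uint64_t len, enum policy pol)
{
    size_t i;

    /* Ordered so that start + len is never computed before it is known safe. */
    if (len == 0 || start >= disksize || len > disksize - start)
        return EINVAL;
    for (i = 0; i < t->n; i++) {
        if (!overlaps(&t->p[i], start, len))
            continue;
        if (pol == DENY_ANY_OVERLAP || t->p[i].mounted)
            return EBUSY;
    }
    if (t->n == MAXPART)
        return ENOSPC;
    t->p[t->n] = (struct prange){ start, len, 0 };
    t->n++;
    return 0;
}
```

Under DENY_MOUNTED_OVERLAP the check is only meaningful if the mounted flag is maintained by the kernel's mount path, and a later mount of a range that already overlaps another would need the same test applied in the other direction.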