Subject: Re: wedges vs. not-quite-wedges, was > 1T filesystems, disklabels,
To: Thor Lancelot Simon <tls@rek.tjls.com>
From: Bill Studenmund <wrstuden@netbsd.org>
List: tech-kern
Date: 12/19/2002 16:59:46
On Thu, 19 Dec 2002, Thor Lancelot Simon wrote:

> On Thu, Dec 19, 2002 at 03:27:09PM -0800, Jonathan Stone wrote:
> > In message <20021220000754.A18539@vaasje.org>Frank van der Linden writes
> > >No it doesn't, Bill's proposal includes a utility that grovels the
> > >disk and *finds all partitions for you of all types* and then
> > >configures disk device nodes for them.
> >
> > Frank, the part which says ``run a special userspace utility?''
> > is a big step *backwards*.
> >
> > Try inserting an MBR-labelled CF into a USB CF reader.  Or inserting
> > the same CF into an IDE laptop slot, via a CF-to-PCMCIA mechanical adaptor.
>
> Indeed, I'm quite concerned about the security implications of this.  With
> the kernel implementation, userland doesn't have to be able to alter
> partition tables at securelevel > 0 in order for new disks that suddenly
> appear to have their partitions found.  With the proposed split
> implementation, it does -- and thus all of the protection against using
> mounted partitions is lost, because a userland application can simply
> adjust the partition table to be able to write wherever on the disk it
> cares to.

Hmmm...

I see two possibilities here.

1) my idea for boot support would be that there would be code in the
kernel capable of reading a few of the partitioning schemes. I envision it
for the ones a port uses to boot. We could though also use it to read some
info off of a disk.

2) work on some way to try and secure the disklabel/diskpart/wedge
loading. Say add a token to the kqueue event describing the insertion, and
require that token be used for loading the info.

Just initial thoughts.

Take care,

Bill