Subject: Re: Patch to disallow mounts of unclean FFS unless forced
To: None <tech-kern@netbsd.org>
From: Kamal R Prasad <kamalrpr@in.ibm.com>
List: tech-kern
Date: 10/15/2003 18:12:49
    Date:        Wed, 15 Oct 2003 11:35:08 +0200 (CEST)
    From:        Karl Janmar <karl@utopiafoundation.org>
    Message-ID:  <Pine.NEB.4.58.0310151112370.21387@atoll.utopiafoundation.org>

  | This says if somebody puts in expensive checks, make them optional.
  | The need for expensive checks differs for different scenarios.

>No, don't do that - the cost of testing whether or not to do the test
>is likely to be comparable with the cost of most of the tests that
>need to be done.

If you want to allow a non-root user to insert bad media and crash the system, 
that doesn't sound like a good idea [but the same is OK if root is 
allowed to, since he has more ways than one to crash a system].

>der Mouse was exaggerating what is needed - the kernel doesn't need to
>be able to detect file system errors, let alone fix them, it just needs
>to protect itself from crashing.   It doesn't even need to protect the
>filesystem from further corruption (which is why I'd personally only allow
>read only non-root forced mounts, not read write - that is an aspect of
>"protect the user from himself").

Maybe, at mount time, the mount command could check whether it is safe 
to mount a filesystem when an unprivileged user is mounting one.

regards
-kamal
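One way such a check in the mount command could look, as an added example that is not part of this thread or of NetBSD's mount(8): it reads the magic number and the clean flag out of a superblock image and applies the policy discussed above (root may force whatever it asks for, a clean filesystem is mountable by anyone, an unclean one is refused to an unprivileged user unless forced, and then only read-only). The superblock field offsets (fs_clean at byte 209, fs_magic at byte 1372), the UFS1 superblock location and host byte order are assumptions to verify against fs.h on the target system; the superblock images are constructed in memory, not read from real media.

```c
/* mount_policy.c - added example, not code from the thread or from NetBSD.
 * Offsets and magic values below are assumptions to be checked against
 * <ufs/ffs/fs.h>; the superblock images are constructed, not read from disk. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#define SBSIZE        8192        /* size of the superblock image we inspect */
#define FS_MAGIC      0x011954    /* UFS1 magic (assumed) */
#define FS_UFS2_MAGIC 0x19540119  /* UFS2 magic (assumed) */
#define OFF_FS_CLEAN  209         /* int8_t fs_clean in struct fs (assumed) */
#define OFF_FS_MAGIC  1372        /* int32_t fs_magic in struct fs (assumed) */

enum verdict { MOUNT_DENY = 0, MOUNT_RO = 1, MOUNT_RW = 2 };

struct sbinfo {
    int valid;   /* magic number recognised */
    int clean;   /* fs_clean set */
};

/* Pull the two fields the policy needs out of a raw superblock image.
 * Host byte order is assumed (FFS is written in the host's order). */
static struct sbinfo inspect_superblock(const uint8_t *sb, size_t len)
{
    struct sbinfo info = { 0, 0 };
    uint32_t magic;

    if (len < OFF_FS_MAGIC + sizeof magic)
        return info;                       /* truncated: treat as invalid */
    memcpy(&magic, sb + OFF_FS_MAGIC, sizeof magic);
    if (magic != FS_MAGIC && magic != FS_UFS2_MAGIC)
        return info;
    info.valid = 1;
    info.clean = sb[OFF_FS_CLEAN] != 0;
    return info;
}

/* The policy from the discussion: a bad magic is never mountable; a clean
 * filesystem is mountable as requested; an unclean one needs -f, and an
 * unprivileged user forcing it gets read-only regardless of what was asked. */
static enum verdict mount_policy(uid_t uid, int want_rw, int force, struct sbinfo info)
{
    enum verdict requested = want_rw ? MOUNT_RW : MOUNT_RO;

    if (!info.valid)
        return MOUNT_DENY;
    if (info.clean)
        return requested;
    if (!force)
        return MOUNT_DENY;
    return uid == 0 ? requested : MOUNT_RO;
}

/* Build a constructed superblock image with the given magic and clean flag. */
static void build_sb(uint8_t *buf, uint32_t magic, int clean)
{
    memset(buf, 0, SBSIZE);
    memcpy(buf + OFF_FS_MAGIC, &magic, sizeof magic);
    buf[OFF_FS_CLEAN] = (uint8_t)(clean ? 1 : 0);
}

/* Convenience wrapper: what verdict would a mount of such an image get? */
static enum verdict verdict_for(uint32_t magic, int clean, uid_t uid, int want_rw, int force)
{
    uint8_t img[SBSIZE];

    build_sb(img, magic, clean);
    return mount_policy(uid, want_rw, force, inspect_superblock(img, sizeof img));
}

static const char *verdict_name(enum verdict v)
{
    return v == MOUNT_RW ? "mount read-write" : v == MOUNT_RO ? "mount read-only" : "refuse";
}

int main(void)
{
    printf("clean, uid 1000, rw:           %s\n", verdict_name(verdict_for(FS_MAGIC, 1, 1000, 1, 0)));
    printf("unclean, uid 1000, rw:         %s\n", verdict_name(verdict_for(FS_MAGIC, 0, 1000, 1, 0)));
    printf("unclean, uid 1000, rw, -f:     %s\n", verdict_name(verdict_for(FS_MAGIC, 0, 1000, 1, 1)));
    printf("unclean, root, rw, -f:         %s\n", verdict_name(verdict_for(FS_UFS2_MAGIC, 0, 0, 1, 1)));
    printf("bad magic, root, rw, -f:       %s\n", verdict_name(verdict_for(0xdeadbeef, 1, 0, 1, 1)));
    return 0;
}
```

This is only the userland half of the argument: it keeps an unprivileged user from handing an unclean filesystem to the kernel read-write, but it does nothing about media that is corrupt while still claiming to be clean, which is exactly the case where the kernel still has to protect itself from crashing.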