Subject: Re: Patch to disallow mounts of unclean FFS unless forced
To: Kamal R Prasad <kamalrpr@in.ibm.com>
From: Robert Elz <kre@munnari.OZ.AU>
List: tech-kern
Date: 10/15/2003 20:40:53
Date: Wed, 15 Oct 2003 18:12:49 +0530
From: Kamal R Prasad <kamalrpr@in.ibm.com>
Message-ID: <OF5004EF37.8C4FE39B-ON65256DC0.00453B69-80256DC0.005E88F2@in.ibm.com>
| If you want to allow a non-root to insert bad media and crash the system,
| that doesn't sound like a good idea
No, of course not, I want to prevent that.
| [but the same is ok if the root is
| allowed to, since he has more ways than one to crash a system].
It is OK if there is some good reason (or if it is very hard to prevent).
But if we can prevent root from accidentally crashing the system, that's
good to do as well.
That is, here there's no specific reason that a root user would be
specifically trying to crash the system by mounting a bad filesys, so
we don't have to go to special lengths to allow that to happen.
Easier is just to prevent bad data in a filesystem from causing a panic,
or other crash, regardless of who mounted it, isn't it?
| Maybe, at mount time - a check can be made by the mount command if it is
| safe to mount a filesystem if an unprivileged user is mounting one.
Then mount would have to be setuid, and now it isn't. In any case, doing
a thorough check like that would be quite difficult, and even then, that
wouldn't provide any protection against bad data growing in the filesystem
due to I/O errors, etc.
kre