Subject: Re: CVS commit: src/sys/secmodel/bsd44
To: YAMAMOTO Takashi <email@example.com>
From: Thor Lancelot Simon <firstname.lastname@example.org>
Date: 10/12/2006 15:56:36

On Thu, Oct 12, 2006 at 06:23:42PM +0900, YAMAMOTO Takashi wrote:
> > > what's the semantics of it? "can access any disks"?
> > Well, I was thinking the semantics should be the "worst case" because we
> > don't really know anything more than that raw disk access was required
> > and the access modes -- we can't tell if it's mounted or not, etc.
> I agree.
> And it's why I don't think it's a good idea.
> It's better to require the caller to specify a device.
I agree. Preserving the old securelevel 1 semantics would seem to require
Those semantics _should_ allow read/write access to unmounted devices
while protecting the TCB, so it would be nice to be able to keep them.

Thor Lancelot Simon email@example.com
"We cannot usually in social life pursue a single value or a single moral
aim, untroubled by the need to compromise with others." - H.L.A. Hart