Subject: Re: CVS commit: src/sys/secmodel/bsd44
To: None <firstname.lastname@example.org>
From: Elad Efrat <elad@NetBSD.org>
Date: 10/12/2006 22:54:06
Thor Lancelot Simon wrote:
> On Thu, Oct 12, 2006 at 06:23:42PM +0900, YAMAMOTO Takashi wrote:
>>>> what's the semantics of it? "can access any disks"?
>>> Well, I was thinking the semantics should be the "worse case" because we
>>> don't really know anything more than that raw disk access was required
>>> and the access modes -- we can't tell if it's mounted or not, etc.
>> i agree.
>> and it's why i don't think it's a good idea.
>> it's better to require caller to specify a device.
> I agree. Preserving the old securelevel 1 semantics would seem to require
> this, no?
> Those semantics _should_ allow read/write access to unmounted devices
> while protecting the TCB, so it would be nice to be able to keep them.
How do you plan on telling if the device is for a mounted file-system?