Subject: Re: new kpi proposal, sysdisk(9)
To: Bill Studenmund <wrstuden@NetBSD.org>
From: Steven M. Bellovin <smb@cs.columbia.edu>
List: tech-kern
Date: 12/31/2006 11:42:59
On Sat, 30 Dec 2006 23:27:33 -0800
Bill Studenmund <wrstuden@NetBSD.org> wrote:

> On Sat, Dec 30, 2006 at 11:10:37PM -0500, der Mouse wrote:
> > > Now, with disklabels, you can load a brand new disklabel into the
> > > kernel (I hope it complains, but I am not sure).  But if you can
> > > do that, you can do anything.  That door we must close. :-)
> > 
> > Fine, provided the admin can either open it again or configure
> > things to not close it.  I use that capability too much to be
> > comfortable with removing it entirely.  (Not often, and mostly when
> > doing things like migrating from one disk to another.  But often
> > enough that it would be a right royal - even if only occasional -
> > PITA to lose it entirely.)
> 
> Sorry, yes, this either would be an at-secure-level (or having set a
> bit in the kauth bit mask replacing securelevel) thing or there'd be
> some other knob. Yes, when you're installing, you should be able to
> do a lot more than you can do in production.
> 
That's good, but we should think about other cases.  The NetBSD
installation guide tells you to create overlapping partitions to handle
dumps in a RAIDframe environment; adding grub to the mix makes that
even worse.  On a system I'm setting up now, for example, partition 'a'
is RAID, 'b' points to the swap area inside 'a' to handle panic dumps,
and 'e' points to the same area as raid0a for use by grub.  I don't
like any of this -- heck, disklabel doesn't like it, either, and warns
me about the overlaps -- but there are no great ways around it, either.

		--Steve Bellovin, http://www.cs.columbia.edu/~smb
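The kind of overlap disklabel(8) warns about in the layout Steve describes can be checked outside the kernel. The following is an added example, not code from this thread or from NetBSD: it parses a disklabel-style partition listing and reports which partitions share sectors, distinguishing a partition that sits entirely inside another (the 'b'-inside-'a' and 'e'-aliases-raid0a case) from a partial overlap. The label itself is constructed; the sector counts, the 64-sector gap between 'a' and 'b' (assumed RAIDframe component header), and the treatment of 'c' and 'd' as the whole-slice and whole-disk entries are assumptions for illustration, and the warning wording is mine, not disklabel's.

```python
import re
from itertools import combinations

# Constructed disklabel(8)-style output modelled on the layout in the thread:
# 'a' is the RAID component, 'b' is swap inside the RAID set, and 'e' covers
# the same sectors as raid0a so grub can read it.  Sizes and offsets are
# invented; the 64-sector gap between 'a' and 'b' assumes RAIDframe's
# component header.  'c' and 'd' follow the i386 whole-slice / whole-disk
# convention (assumed here).
SAMPLE_LABEL = """\
16 partitions:
#        size    offset     fstype [fsize bsize cpg/sgs]
 a:  78124640        63       RAID                     # (Cyl.      0*-  77504*)
 b:   4194304       127       swap                     # (Cyl.      0*-   4161*)
 c:  78124640        63     unused      0     0        # (Cyl.      0*-  77504*)
 d:  78125000         0     unused      0     0        # (Cyl.      0 -  77504)
 e:  73930209   4194431     4.2BSD   2048 16384 0      # (Cyl.   4161*-  77504*)
"""

# One partition line: letter, size, offset, fstype (trailing fields ignored).
PART_RE = re.compile(r"^\s*([a-p]):\s+(\d+)\s+(\d+)\s+(\S+)")


def parse_disklabel(text):
    """Return {letter: (offset, size, fstype)} for each partition line."""
    parts = {}
    for line in text.splitlines():
        m = PART_RE.match(line)
        if m:
            letter, size, offset, fstype = m.groups()
            parts[letter] = (int(offset), int(size), fstype)
    return parts


def find_overlaps(parts, ignore=("c", "d")):
    """List (x, y, kind) for every pair of partitions that share sectors.

    kind is 'nested' when one partition lies entirely within the other
    (the alias case from the thread) and 'partial' otherwise.  'c' and 'd'
    are skipped by default because, by convention, they cover the whole
    NetBSD slice / whole disk and overlap everything on purpose.
    """
    out = []
    for x, y in combinations(sorted(parts), 2):
        if x in ignore or y in ignore:
            continue
        xo, xs, _ = parts[x]
        yo, ys, _ = parts[y]
        xe, ye = xo + xs, yo + ys           # half-open [offset, offset+size)
        if max(xo, yo) < min(xe, ye):       # intervals intersect
            nested = (xo <= yo and ye <= xe) or (yo <= xo and xe <= ye)
            out.append((x, y, "nested" if nested else "partial"))
    return out


if __name__ == "__main__":
    # Mirrors the kind of complaint disklabel(8) makes when editing a label
    # like the one above (wording is this example's, not disklabel's).
    for x, y, kind in find_overlaps(parse_disklabel(SAMPLE_LABEL)):
        print(f"partitions {x} and {y} overlap ({kind})")
```

On the constructed label the checker reports 'a'/'b' and 'a'/'e' as nested overlaps and nothing else, since 'b' ends exactly where 'e' begins; passing `ignore=()` also lists the whole-slice and whole-disk entries, which is why a policy that simply rejected any overlap would have to special-case them too.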