Subject: Re: disklabel(8) and machdep on-disk structures issues
To: None <,>
From: Thor Lancelot Simon <>
List: tech-security
Date: 11/08/2003 01:46:46
On Sat, Nov 08, 2003 at 04:11:20PM +1100, Luke Mewburn wrote:
> I still think we should change DIOCWDINFO to write the raw label,
> even if there is no raw label.  Currently DIOCWDINFO will fail
> if the raw label doesn't exist.  (See disklabel(5)).
> Each port can then ensure that it updates its NetBSD disklabel, and
> if necessary update the "vendor"/"PROM" label (e.g, on Sun boxes).
> disklabel(8) would have all "write to the actual sectors of the raw label"
> support removed.
> (For that matter, it should have the '-B' (bootblock) stuff removed as well.)
> This all should be ok if the securelevel is enforced appropriately

I agree -- I like encapsulating this code in one place, and only one place;
and we can then prohibit user writes of the disklabel sectors all the time,
no matter what, which also gives me a warm fuzzy feeling (and will make it
easier to validate that each port's disksubr.c DTRT).

 Thor Lancelot Simon	                            
   But as he knew no bad language, he had called him all the names of common
 objects that he could think of, and had screamed: "You lamp!  You towel!  You
 plate!" and so on.              --Sigmund Freud