tech-security archive
Re: How trustworthy is that I/O device?
On Wed, Nov 06, 2013 at 02:21:32PM -0800, Matt Thomas wrote:
>
> On Nov 4, 2013, at 2:34 PM, Erik Fair <fair%netbsd.org@localhost> wrote:
>
> > All OSes have a problem with USB and potentially all other hot-plug I/O
> > busses: can you trust the device that was just plugged into the bus? How
> > much I/O do you permit to it before explicit authorization of some kind?
>
> I've always wondered why we "trust" file systems and panic when they aren't
> what we expect. We don't do that for networking. It seems that if we encounter
> an inconsistency, we mark the f/s as read-only and either return an error
> or complete the action if possible.
I want this to be a mount option. For non-removable devices these errors are
indications that something misbehaved badly, and a panic is reasonable.
Leaving the system running with a RO fs would do more damage than a panic
("oops, I accepted an email but now can't write it to the user's mailbox" :(
--
Manuel Bouyer <bouyer%antioche.eu.org@localhost>
NetBSD: 26 years of experience will always make the difference