NetBSD-Users archive


Re: block device lock difference between netbsd-4 and netbsd-5



On Wed, Feb 03, 2010 at 07:44:57AM +0000, Michael van Elst wrote:
> tls%panix.com@localhost (Thor Lancelot Simon) writes:
> 
> >>> You can't open block device more than once in netbsd>  5.0.
> 
> >It was never supposed to work.  Among other things, it's a severe
> >security hole.
> 
> Why is it more of a security hole than accessing the raw device?

I didn't suggest that permitting access to the raw device for mounted
filesystems (or overlapping mounted filesystems) was not a security hole.

It's All Bad.  I don't understand why Elad's change to fix this entire
situation was rejected, but it shouldn't have been.  Any comprehensive
solution which fixes the problem of side-channel I/O to mounted
filesystems will almost certainly have the same effect that's being
objected to here: you won't be able to open the block device twice.

Thor

