Subject: Re: NetBSD Security Advisory 2000-001
To: Soren S. Jorvang <soren@wheel.dk>
From: Chris G. Demetriou <cgd@netbsd.org>
List: tech-security
Date: 02/15/2000 20:01:14
Cc: tech-security@netbsd.org
References: <14505.23693.773699.404104@passion.geek.com.au> <x6zot2w3h2.fsf@reddwarf.rightnowtech.com> <20000215230900.A6739@antioche.lip6.fr> <x6itzqw0di.fsf@reddwarf.rightnowtech.com> <20000215235049.A6841@antioche.lip6.fr> <20000215235639.B18825@gnyf.wheel.dk> <87g0utgb84.fsf@redmail.netbsd.org> <20000216031307.A20476@gnyf.wheel.dk> <873dqtg9g0.fsf@redmail.netbsd.org> <20000216045017.A21387@gnyf.wheel.dk>
Date: 15 Feb 2000 20:01:14 -0800
In-Reply-To: "Soren S. Jorvang"'s message of Wed, 16 Feb 2000 04:50:17 +0100
Message-ID: <87d7pxeqyd.fsf@redmail.netbsd.org>
Lines: 49

"Soren S. Jorvang" <soren@wheel.dk> writes:
> (There is also the problem that filesystem writes must have
> considered everything before the code is configured in GENERIC,
> which I think is a bit unreasonable; user mounts wouldn't be less
> of a problem if you specify which ones could be user mounted.)

This isn't true.  File system writers simply have to drop a snippet of
code into their file system which checks for the right things.

Unfortunately, not all file systems which have been around for a while
which allow user mounts (e.g. even ffs) have been vetted for possible
problems.  However, that doesn't mean that The Right Thing To Do is to
turn off the feature by default.  The right thing is to fix the file
systems, or disable the feature specifically for them if they can't
easily be fixed.  8-)


> The biggest known problem is the annoyance caused by things like
> filesystems mounted on removable media that's no longer there.

This is a hard problem.  (I've run into it with CF cards on one of my
boxes.)  Of course, does the automounter really make life better here?
(things'll get unmounted eventually, I guess, if there's nothing
keeping them from being unmounted in the file system.)

I suppose the question here is, "what's the actual problem, and what's
the right solution."

The problems that I see are things around trying to use the devices
after they're gone.

I'd say the right thing to do here is:

Traverse the mount list in order of most to least recently mounted.
(in other words, from deepest to least deep.)  For each file system:

	* if it's one on the device which has been forcibly removed,
	  forcibly unmount it.
	* if it's one that was mounted on a dir on the device which
	  has been forcibly removed, unmount it (w/o force).

That would seem to me to do the right thing...



cgd
-- 
Chris Demetriou - cgd@netbsd.org - http://www.netbsd.org/People/Pages/cgd.html
Disclaimer: Not speaking for NetBSD, just expressing my own opinion.
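The two-rule traversal Chris sketches above, written out as a small simulation so the ordering and the force/no-force distinction can be seen on a concrete mount table. This is an added illustration, not code from the thread or from the NetBSD kernel: the `Mount` record, the `plan_unmounts` function and the device and mount-point names are all constructed for the example. A real kernel would decide "mounted on a dir on the removed device" by looking at the covered vnode; the simulation approximates that with a path-prefix test plus the mount order (a file system mounted under `/mnt/cf` *before* the card was mounted there sits on the underlying directory, not on the card, so it is left alone).

```python
from dataclasses import dataclass
from typing import Iterable, List, Set, Tuple

@dataclass(frozen=True)
class Mount:
    path: str    # mount point directory (constructed example value)
    device: str  # backing device node, e.g. "/dev/wd1e" (constructed)
    seq: int     # mount order; larger means mounted more recently

def is_under(path: str, parent: str) -> bool:
    """True if `path` is `parent` itself or lies inside it."""
    if parent == "/":
        return True
    return path == parent or path.startswith(parent.rstrip("/") + "/")

def plan_unmounts(mounts: Iterable[Mount], removed: Set[str]) -> List[Tuple[str, str, bool]]:
    """Return (path, device, force) actions in the order they should be applied.

    Rule 1: a file system whose backing device is gone is forcibly unmounted.
    Rule 2: a file system mounted on a directory that lives on a gone device
            is unmounted normally (its own device is still there).
    The list is walked most-recent-first, i.e. deepest mounts first, so every
    submount is gone before the mount beneath it is torn down.
    """
    mounts = list(mounts)
    # Mount points that belong to the removed device(s); anything mounted
    # on top of them *after* they appeared was mounted on a dir on that device.
    gone_roots = [m for m in mounts if m.device in removed]
    actions: List[Tuple[str, str, bool]] = []
    for m in sorted(mounts, key=lambda x: x.seq, reverse=True):
        if m.device in removed:
            actions.append((m.path, m.device, True))      # rule 1: force
        elif any(is_under(m.path, r.path) and m.seq > r.seq for r in gone_roots):
            actions.append((m.path, m.device, False))     # rule 2: no force
    return actions

# Constructed mount table: a CF card (wd1) with two partitions, another disk
# mounted on a directory of the card, and an older mount that the card's
# mount point later covered.
SAMPLE_MOUNTS = [
    Mount("/", "/dev/wd0a", 1),
    Mount("/usr", "/dev/wd0e", 2),
    Mount("/mnt/cf/early", "/dev/wd2c", 3),    # mounted before the card: dir is on wd0a
    Mount("/mnt/cf", "/dev/wd1e", 4),          # the removable card
    Mount("/mnt/cf/photos", "/dev/wd1f", 5),   # second partition of the same card
    Mount("/mnt/cf/scratch", "/dev/wd2a", 6),  # other disk, mounted on a dir on the card
    Mount("/mnt/other", "/dev/wd2b", 7),
]
CARD_DEVICES = {"/dev/wd1e", "/dev/wd1f"}  # every partition of the yanked disk

def demo() -> List[Tuple[str, str, bool]]:
    return plan_unmounts(SAMPLE_MOUNTS, CARD_DEVICES)

if __name__ == "__main__":
    for path, dev, force in demo():
        print(f"{'umount -f' if force else 'umount   '} {path:18} ({dev})")
```

Running it unmounts `/mnt/cf/scratch` normally first, then forcibly unmounts `/mnt/cf/photos` and `/mnt/cf`; `/mnt/cf/early` and everything else is untouched. Reversing the walk order would try to force `/mnt/cf` away while `/mnt/cf/scratch` still hangs off it, which is exactly the mess the most-recent-first rule avoids.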