cvs commit: src/sys/dev/md md.c
Pawel Jakub Dawidek
pjd at FreeBSD.org
Mon Aug 29 14:21:23 GMT 2005
On Wed, Aug 17, 2005 at 01:24:55AM +0000, Christian S.J. Peron wrote:
+> csjp 2005-08-17 01:24:55 UTC
+>
+> FreeBSD src repository
+>
+> Modified files:
+> sys/dev/md md.c
+> Log:
+> Ensure that file flags such as schg, sappnd (and others) are honored
+> by md(4). Before this change, it was possible to by-pass these flags
+> by creating memory disks which used a file as a backing store and
+> writing to the device.
+>
+> This was discussed by the security team, and although this is problematic,
+> it was decided that it was not critical as we never guarantee that root will
+> be restricted.
+>
+> This change implements the following behavior changes:
+>
[...]
+> -Do not gracefully downgrade access modes without telling the user. Instead
+> make the user specify their intentions for the device (assuming the file is
+> read only). This seems like the more correct way to handle things.
I don't think so. It already broke some environments (see current@).
I think downgrading to read-only when file system is mounted read-only
should stay.
--
Pawel Jakub Dawidek http://www.wheel.pl
pjd at FreeBSD.org http://www.FreeBSD.org
FreeBSD committer Am I Evil? Yes, I Am!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/cvs-src/attachments/20050829/8aca7869/attachment.bin
More information about the cvs-src
mailing list