Re: Please read if you use x86 -current

[Thor Lancelot Simon <tls%rek.tjls.com@localhost>]

On Thu, Nov 13, 2008 at 09:36:03PM +0200, Antti Kantee wrote:
> On Thu Nov 13 2008 at 14:04:41 -0500, Thor Lancelot Simon wrote:
> > That's exactly what I am saying!  The current code is broken, and there
> > are several ways to fix it.  But with the current, broken code for
> > enforcing the security policy, allowing user space filesystem daemons
> > (ones that have to access raw disks, anyway) basically voids the
> > no-persistent-compromise guarantee.
> 
> So what you're saying is that NetBSD securelevels<2 are broken because
> they allow raw disk access.  I don't see anything specific to userspace
> file servers.

No, I'm saying that this was intended to work safely at securelevel 1 but
was implemented wrong.  The point is that userspace fileservers require
raw disk access and thus can't be used at securelevel 2 (where you get
the persistent-compromise guarantees), which is very unfortunate.

The sensible place to put effort is into fixing securelevel 1 disk access
semantics, it seems to me, not into making userspace fileserver work at
securelevel 2.

-- 
Thor Lancelot Simon                                        
tls%rek.tjls.com@localhost
    "Even experienced UNIX users occasionally enter rm *.* at the UNIX
     prompt only to realize too late that they have removed the wrong
     segment of the directory structure." - Microsoft WSS whitepaper