Port-i386 archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Please read if you use x86 -current
On Thu Nov 13 2008 at 14:04:41 -0500, Thor Lancelot Simon wrote:
> That's exactly what I am saying! The current code is broken, and there
> are several ways to fix it. But with the current, broken code for
> enforcing the security policy, allowing user space filesystem daemons
> (ones that have to access raw disks, anyway) basically voids the
> no-persistent-compromise guarantee.
So what you're saying is that NetBSD securelevels<2 are broken because
they allow raw disk access. I don't see anything specific to userspace
file servers.
Since mounting a file system is disallowed with securelevel>=2, once
again I don't see how this is specific to userspace file servers.
Except, in securelevel2 you can still use things like fsu_utils for
read-only access to e.g. USB sticks, which is *better* than what you
could do without a process-local file server.
Realistically, how many people even want to mount a usb stick on a machine
running securelevel2? I don't think calling something totally broken
because it affects 0.00001% of the users is quite the right thing to do.
The main scenario for removable media is desktops and laptops.
Home |
Main Index |
Thread Index |
Old Index