Subject: Re: new kpi proposal, sysdisk(9)
To: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
From: Elad Efrat <elad@NetBSD.org>
List: tech-kern
Date: 01/08/2007 13:16:58

YAMAMOTO Takashi wrote:
> i'm thinking something like this:
>
> 	disk_userlist_t *list;
> 	error = diskuserlist_query(vp, &list);
> 	...
> 	diskuserlist_foreach(iterator, list) {
> 		if (diskuser_is_a(iterator, "swap")) {
> 			/* the partition is used as swap */
> 			...
> 		}
> 	}
> 	...
> 	diskuserlist_done(list);

this is what each piece of code that wants to query will have to do?
(I hope this is the query routine itself. :)

>> http://nxr.netbsd.org/source/xref/sys/kern/kern_verifiedexec.c#835
>
> i don't understand the comment. can you explain?

sure. let's say you run a system with veriexec strict level 1. it won't
deny raw disk access, even to mounts it monitors, so you can just open
the disk for read/write. then, when strict level is raised, we
supposedly have to block raw disk access, but an attacker might already
have a descriptor.

so what I suggested is to keep track of "number of raw disk users" and
just make veriexec not cache the evaluation result if this number
is > 0.

-e.
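
The scenario in the message above, as a toy user-space model added here for illustration (it is not code from the thread or from NetBSD): a raw-disk descriptor is opened before a monitored file is verified, the file is then modified through that descriptor, and the second evaluation either trusts a cached result or recomputes the fingerprint. All struct and function names are hypothetical, the sample data is constructed, and FNV-1a stands in for a real fingerprint algorithm.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy user-space model; every name here is hypothetical, not NetBSD code. */
struct disk {
	unsigned char data[16]; /* constructed sample contents of a monitored file */
	int raw_users;          /* open descriptors on the raw device */
};
struct entry {
	uint32_t expected;      /* fingerprint from the signature list */
	bool cached_ok;         /* result of an earlier evaluation */
};

static uint32_t fingerprint(const struct disk *d) /* FNV-1a stand-in for a real hash */
{
	uint32_t h = 2166136261u;
	for (size_t i = 0; i < sizeof(d->data); i++)
		h = (h ^ d->data[i]) * 16777619u;
	return h;
}

/* Returns true when the file passes; count_raw_users selects the suggested policy. */
static bool evaluate(struct disk *d, struct entry *e, bool count_raw_users)
{
	if (e->cached_ok)
		return true; /* trust the earlier result without rehashing */
	bool ok = fingerprint(d) == e->expected;
	/* Suggested rule: never cache while someone holds the raw disk open. */
	e->cached_ok = ok && !(count_raw_users && d->raw_users > 0);
	return ok;
}

/* Raw open first, then verification, then a write behind the verifier's back. */
bool stale_result_accepted(bool count_raw_users)
{
	struct disk d = { .data = "trusted binary", .raw_users = 0 };
	struct entry e = { .expected = fingerprint(&d), .cached_ok = false };
	d.raw_users++;                            /* raw open while strict level is 1 */
	(void)evaluate(&d, &e, count_raw_users);  /* passes; cached only without the counter */
	d.data[0] ^= 0xff;                        /* write through the old descriptor */
	return evaluate(&d, &e, count_raw_users); /* true: modified data was accepted */
}

int main(void)
{
	printf("always cache: accepted=%d\n", stale_result_accepted(false));
	printf("no cache while raw users > 0: accepted=%d\n", stale_result_accepted(true));
	return 0;
}
```

The model only covers results that would be cached while the counter is non-zero, which is the case the message describes; entries cached before the raw open are outside what it shows.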