Re: [PATCH v2 31/34] block: use file->f_op to indicate restricted writes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Jan 30, 2024 at 09:32:13AM +0100, Christoph Hellwig wrote:
> On Mon, Jan 29, 2024 at 06:09:37PM +0100, Christian Brauner wrote:
> > I don't think it's that bad and is temporary until we can
> > unconditionally disable writing to mounted block devices. Until then we
> > can place all of this under #if IS_ENABLED(CONFIG_BLK_DEV_WRITE_MOUNTED)
> > in a single location in block/fops.c so its nicely encapsulated and
> > confined.
> 
> Oh well.  If Jens is fine with this I can live with it even if I don't
> like it too much.  I'll probably just clean it up as a follow up.
> 
> OTOH I fear we won't be able to unconditionally disable writing to
> mounted block devices anytime soon if ever.

One my dream. Put another way, if we don't even allow us to think that
we can remove insecure functionality in the future then we have to
accept that we'll be piling on #ifdefine's and mostly unused code
forever which is just sad. :/

I'm hopeful that writing to mounted block devices is something that we
can make all major distros move away from. We should start just because
we need to figure out what tools do actually try to do stuff like that.




[Index of Archives]     [Linux RAID]     [Linux SCSI]     [Linux ATA RAID]     [IDE]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Device Mapper]

  Powered by Linux