Hi, On Thu, Mar 31 2011, Chris Ball wrote: > But I'm still concerned after your Kconfig options are added, because > I'm just not reassured by Kconfig options in principle, because of the > case where *the person who built the kernel* is not the same as the > *user who is running commands*. Imagine that CyanogenMod (or even > Qualcomm!) distributes a kernel with this Kconfig option turned on -- > because they don't realize how dangerous it is, perhaps, or because they > had a use for it during development -- to see where I'm coming from. Another strawman, after brainstorming a bit on IRC -- how about the block device itself comes up read-only, until you use a module parameter/sysfs entry to make it read-write. As a strawman: echo 1 > /sys/module/mmc_block/boot_partitions_are_writeable (That way people who write to it regularly can throw the module parameter in their boot environment, and the rooting enthusiasts who didn't compile the kernel are safe until they learn enough to be really dangerous..) - Chris. -- Chris Ball <cjb@xxxxxxxxxx> <http://printf.net/> One Laptop Per Child -- To unsubscribe from this list: send the line "unsubscribe linux-mmc" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
