On Thu, Mar 31, 2011 at 3:03 PM, Chris Ball <cjb@xxxxxxxxxx> wrote: > Hi, > > On Thu, Mar 31 2011, Chris Ball wrote: >> But I'm still concerned after your Kconfig options are added, because >> I'm just not reassured by Kconfig options in principle, because of the >> case where *the person who built the kernel* is not the same as the >> *user who is running commands*. Imagine that CyanogenMod (or even >> Qualcomm!) distributes a kernel with this Kconfig option turned on -- >> because they don't realize how dangerous it is, perhaps, or because they >> had a use for it during development -- to see where I'm coming from. > > Another strawman, after brainstorming a bit on IRC -- how about > the block device itself comes up read-only, until you use a module > parameter/sysfs entry to make it read-write. As a strawman: > > echo 1 > /sys/module/mmc_block/boot_partitions_are_writeable > > (That way people who write to it regularly can throw the module parameter > in their boot environment, and the rooting enthusiasts who didn't compile > the kernel are safe until they learn enough to be really dangerous..) Sure, I like this, I'll do it. A -- To unsubscribe from this list: send the line "unsubscribe linux-mmc" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
