On Thu, Mar 10, 2016 at 08:48:21AM -0700, Theo de Raadt wrote:
> The reason for these checks is because they protect the kernel,
> and they identify a program that does the wrong thing. Here, a
> program did the wrong thing. I am 100% in agreement that opendev
> may not be the right place to do this. That kind of stems from
> the design of opendev regarding DUID conversion.... I think we all
> knew that wasn't the best design early on, but we needed to get
> that going, before the rest of the DUID subsystem could work...
???? If it's opendev that does the check, where should it be done?

Right now krw added checks in both disklabel AND fdisk to prevent the issue from coming up. BUT both those do opendev upfront, so it's really duplicated code.

The other thing that (in my opinion) makes sense would be to duplicate the way ttys are handled, e.g., we've got an isatty library call that validates an fd so that further tty(4) ioctls will work. Maybe this is what's needed, or something similar.

I don't think leaving the check to the individual programs is a good solution. I just stumbled on fdisk/disklabel being slightly broken by accident... after a few months of pledge(2) testing.
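As an added illustration of the isatty-style pattern proposed above (not code from the thread or from OpenBSD), here is a small validation call that checks a descriptor with fstat(2) before any disk ioctl is attempted. The check itself is an assumption for demonstration: it only tests that the fd refers to a device node, whereas a real "isdisk" helper would need a disk-specific probe; the point is that a single shared validator lets a pledged program refuse early instead of issuing an ioctl the kernel will reject.

```c
#include <errno.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

/*
 * is_device_fd: return 1 if fd refers to a block or character device,
 * 0 if it refers to something else (regular file, directory, pipe...),
 * -1 if fd is not a valid descriptor. Like isatty(3), errno is set to
 * ENOTTY when the fd is valid but not the kind of object expected, so a
 * caller can report the problem instead of issuing an ioctl blindly.
 */
int is_device_fd(int fd)
{
    struct stat st;

    if (fstat(fd, &st) == -1)
        return -1;               /* EBADF etc. left in errno */
    if (S_ISBLK(st.st_mode) || S_ISCHR(st.st_mode))
        return 1;
    errno = ENOTTY;
    return 0;
}

/*
 * is_device_path: convenience wrapper that opens a path read-only and
 * applies the same check, so programs that take a path (as fdisk and
 * disklabel do) share one validator rather than duplicating it.
 */
int is_device_path(const char *path)
{
    int fd, rv, saved;

    fd = open(path, O_RDONLY);
    if (fd == -1)
        return -1;
    rv = is_device_fd(fd);
    saved = errno;               /* keep the validator's errno across close */
    close(fd);
    errno = saved;
    return rv;
}
```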
