#10017 closed bug (no change required)
Active packages can be modified
| Reported by: | jessicah | Owned by: | nobody |
|---|---|---|---|
| Priority: | normal | Milestone: | R1 |
| Component: | - General | Version: | R1/Package Management |
| Keywords: | Cc: | ||
| Blocked By: | Blocking: | ||
| Platform: | All |
Description
E.g. dd if=/dev/zero of=/system/packages/haiku.hpkg leaves you with a broken Haiku installation. I couldn't even shutdown the system. And the system was no longer bootable (immediately dropped into the boot menu with no Haiku installs detected).
Change History (4)
comment:1 by , 11 years ago
| Resolution: | → no change required |
|---|---|
| Status: | new → closed |
comment:2 by , 11 years ago
Shouldn't package_daemon maintain an exclusive lock on active packages? Surely a flag like O_EXCL would negate such things from happening?
comment:3 by , 11 years ago
If it did that, then the user would no longer be able to do things like easily uninstall packages via drag and drop. As stated before, it's not as if you can't just as easily torch the system a million other ways with dd, and always have been able to on BeOS, Haiku, Linux or pretty much any other *nix-like system, so this really isn't protecting you from anything.
comment:4 by , 11 years ago
There is no kind of locking (on Haiku) that would prevent dd from overwriting a file. We only have advisory locking (fcntl(), flock()). Not sure if Unixes provide any other type -- at least I've never encountered a file I couldn't move, remove, or overwrite on Linux (unlike on Windows).
That's a feature, not a bug. As root you are supposed to be able to destroy your system with
dd. It's just a question of using the proper output file. The system volume block device is a pretty solid bet, but I guess libc would suffice already.