Re: ide-cd problems - Jens Axboe

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Jens Axboe <axboe@suse.de>
To: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: Zinx Verituse <zinx@epicsol.org>,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: ide-cd problems
Date: Mon, 9 Aug 2004 10:49:17 +0200	[thread overview]
Message-ID: <20040809084916.GR10418@suse.de> (raw)
In-Reply-To: <1091887718.18407.51.camel@localhost.localdomain>

On Sat, Aug 07 2004, Alan Cox wrote:
> On Gwe, 2004-08-06 at 15:32, Jens Axboe wrote:
> > That's the case I don't agree with, and why I didn't like the idea
> > originally. That suddenly requires a patching of the kernel because of
> > new commands in new devices. Like when dvd readers became common, you
> > can't just require people to update their kernel because a few new
> > commands are needed to drive them from user space.
> 
> I'm stunning we are even having this argument. You are talking about
> what appes to be a hardware destruction enabling security level bug in
> the 2.6 kernel and arguing about whether it is a feature or not.

Alan, stop putting words into my mouth. I'm not saying it's a feature.

> In essence you are saying read access to any raw device node entitles
> the opener of the file to destroy the attached device (device even not
> just media). You are arguing that its ok that I can use raw scsi I/O to
> subvert the read/write permissions too.

In essence, yes. I'm arguing that it's not easily doable to
differentiate between destructive and non-destructive commands. And that
doing so requires extensive tables because commands are not the same
across devices.

I'm not saying that I think it's a good thing! Or a feature, for that
matter. I'm just arguing the feasibility of doing it, the maintenance
involved, etc.

> In the example code I gave
> 
> >               default:
> >                       if(capable(CAP_SYS_RAWIO))
> >                       /* Only administrators get to do arbitary things
> */
> > 
> 
> means there is no need to recompile anything, you just need priviledges
> to do stuff the kernel doesn't *know* is safe. This is the correct
> behaviour for people who don't live in cloud cuckoo land.

I'm well aware of the implications. The argument is only whether it's ok
to policy filter unknown commands. I guess with capability elevating the
app until the kernels are modified it would be ok, at least it enables
the apps to work for root.

-- 
Jens Axboe

next prev parent reply	other threads:[~2004-08-09  8:50 UTC|newest]

Thread overview: 52+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2004-07-30 19:36 ide-cd problems Zinx Verituse
2004-07-31 15:36 ` Jens Axboe
2004-07-31 18:27   ` Zinx Verituse
2004-07-31 20:00     ` Jens Axboe
2004-07-31 21:02       ` Zinx Verituse
2004-08-01  4:07         ` Alexander E. Patrakov
2004-08-01 15:57           ` Jens Axboe
2004-08-02  3:20             ` Horst von Brand
2004-08-02 12:25               ` Jens Axboe
2004-08-02 20:44               ` Bill Davidsen
2004-08-02 13:45             ` tabris
2004-08-02 13:56               ` Jens Axboe
2004-08-02 14:26                 ` Andreas Metzler
2004-08-02 14:33                   ` Jens Axboe
2004-08-02 14:38                 ` tabris
2004-08-02 14:50                   ` Jens Axboe
2004-08-02 16:30           ` Bill Davidsen
2004-08-03  7:17             ` Jens Axboe
2004-08-02 17:16         ` Zinx Verituse
2004-08-05  5:40         ` Jens Axboe
2004-08-05 21:06           ` Alan Cox
2004-08-06  5:44             ` Jens Axboe
     [not found]               ` <20040806062331.GE10274@suse.de>
2004-08-06 12:14                 ` Alan Cox
2004-08-06 14:32                   ` Jens Axboe
2004-08-06 15:14                     ` Charles Cazabon
2004-08-06 15:13                       ` Jens Axboe
2004-08-07 14:01                       ` Alan Cox
2004-08-06 17:26                     ` dleonard
2004-08-06 22:47                       ` Jens Axboe
2004-08-07 14:04                         ` Alan Cox
2004-08-07 21:54                           ` Alan Cox
2004-08-07  3:11                     ` Jason L Tibbitts III
2004-08-09  8:39                       ` Jens Axboe
2004-08-07 14:08                     ` Alan Cox
2004-08-09  8:49                       ` Jens Axboe [this message]
2004-08-02 23:54       ` Alan Cox
2004-08-03  5:53         ` Jens Axboe
2004-08-03 16:17           ` Zinx Verituse
2004-08-04  5:01             ` Jens Axboe
2004-08-05 15:52               ` Alan Cox
2004-08-05 17:46                 ` Jens Axboe
2004-08-05 20:58                   ` Alan Cox
2004-08-05 18:53                 ` Bill Davidsen
2004-08-05 18:46           ` Bill Davidsen
2004-08-05 19:35             ` Jens Axboe
2004-08-05 21:02               ` Alan Cox
2004-08-06  5:42                 ` Jens Axboe
2004-08-03 15:28         ` Doug Maxey
2004-08-03 17:28           ` Alan Cox
2004-08-09 20:24       ` Bill Davidsen
2004-08-02 16:41   ` Bill Davidsen
2004-08-03 15:50     ` Horst von Brand

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20040809084916.GR10418@suse.de \
    --to=axboe@suse.de \
    --cc=alan@lxorguk.ukuu.org.uk \
    --cc=linux-kernel@vger.kernel.org \
    --cc=zinx@epicsol.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.