From: Elias da Silva <silva@aurigatec.de>
To: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: Jens Axboe <axboe@suse.de>, lkml <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] drivers/block/scsi_ioctl.c, Video DVD playback support
Date: Tue, 25 Jan 2005 16:52:51 +0100
Message-ID: <200501251652.51452.silva@aurigatec.de>
In-Reply-To: <1106656675.14787.10.camel@localhost.localdomain>

On Tuesday 25 January 2005 13:44, you wrote:
: On Maw, 2005-01-25 at 09:29, Elias da Silva wrote:
: > On Tuesday 25 January 2005 01:01, you wrote:
: > Yes, sometimes you have to risk broken software in favor of augmented
: > security, but so far we only have broken software.
: 
: Well let me see in 2.6.5 if you could read open the block device at all
: you could erase the drive firmware. I think we've significantly improved
: security actually.

Alan, please don't let us lose focus!

I'm talking about the classification of the opcodes
     a. GPCMD_SEND_KEY and
     b. GPCMD_SET_STREAMING

as only "safe for write" in scsi_ioctl.c:verify_command()
since kernel version 2.6.8.

The intended security improvements of this restriction can be
completely circumvented by using
	a. cdrom_ioctl (..., DVD_AUTH,...) instead of
	b. cdrom_ioctl (..., CDROM_SEND_PACKET,...)

so the result is as described:

"no security improvements at the cost of broken software".

The changes looked random to me and I would like to see
a clear concept, which would drive the necessary changes for
improved security and stability.
I'm putting my finger on some loose ends below drivers/cdrom,
drivers/ide and drivers/block.

Regards,

Elias
