From: Bill Davidsen <davidsen@tmr.com>
To: linux-kernel@vger.kernel.org
Subject: Re: SG_IO and security
Date: Mon, 16 Aug 2004 18:00:11 -0400
Message-ID: <cfradk$97j$1@gatekeeper.tmr.com>
In-Reply-To: <Pine.LNX.4.58.0408120958000.1839@ppc970.osdl.org>

Linus Torvalds wrote:
> 
> On Thu, 12 Aug 2004, Jeff Garzik wrote:
> 
>>Linus Torvalds wrote:
>>
>>>On Thu, 12 Aug 2004, Linus Torvalds wrote:
>>>
>>>
>>>>Hmm.. This still allows the old "junk" commands (SCSI_IOCTL_SEND_COMMAND).
>>>
>>>
>>>Btw, I think the _right_ thing to check is the write access of the file 
>>>descriptor. If you have write access to a block device, you can delete the 
>>>data, so you might as well be able to do the raw commands. And that would 
>>>allow things like "disk" groups etc to work and burn CD's.
>>
>>Define raw commands.  I certainly don't want non-root users to be able 
>>to issue FORMAT UNIT on my hard drive.
> 
> 
> Ehh? The same ones you allow to write all over the raw device?
> 
> Let's see now:
> 
> 	brw-rw----    1 root     disk       3,   0 Jan 30  2003 /dev/hda
> 
> would you put people you don't trust with your disk in the "disk" group?
> 
> Right. If you trust somebody enough that you give him write access to the 
> disk, then you might as well trust him enough to do commands on it. 
> 
> Conversely, if you don't trust him enough to do things like that, you 
> shouldn't give him write access in the first place.
> 
> It's a hell of a lot easier to destroy a disk with
> 
> 	dd if=/dev/zero of=/dev/xxx bs=8k
> 
> than it is to do it with some special malicious command. 
> 
> And yes, there's clearly a difference, but in general I'd say it is the 
> _data_ on the disk that is worth something to you. The disk itself? Do you 
> really fundamentally care?

I will offer two cases which are not wildly improbable. User complains 
the CD burner will {burn faster, burn brand X media, write HD mode} if 
the firmware is upgraded. User has write to burn CDs, decides to flash 
the firmware herself, turns CD into paperweight. Or possibly user tries 
to install CD firmware on a disk drive.

Case two, user is DBA, has write on raw partitions for Oracle, can 
mangle the whole device, and through some stupidity does.

-- 
    -bill davidsen (davidsen@tmr.com)
"The secret to procrastination is to put things off until the
  last possible moment - but no longer"  -me
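
The disagreement in this message can be written down as two access checks. The C sketch below is an added example, not part of the email and not kernel code: policy A is the quoted "write access to the fd permits raw commands" rule, policy B is a hypothetical tiered filter that separates data writes from device-level commands such as FORMAT UNIT and firmware download. The `struct caller` fields and both function names are assumptions; the opcodes are the standard SCSI values.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Standard SCSI operation codes (byte 0 of the CDB). */
enum { OP_TEST_UNIT_READY = 0x00, OP_FORMAT_UNIT = 0x04, OP_INQUIRY = 0x12,
       OP_READ_10 = 0x28, OP_WRITE_10 = 0x2A,
       OP_WRITE_BUFFER = 0x3B /* commonly used for firmware download */ };

/* Hypothetical caller context: fd opened for write, and a privilege flag
 * (for instance CAP_SYS_RAWIO). Both names are assumptions of this example. */
struct caller { bool can_write; bool privileged; };

/* Policy A: the quoted proposal. Write access on the fd permits any command. */
bool allow_write_implies_raw(const struct caller *c, const uint8_t *cdb, size_t len)
{
    (void)cdb; /* the opcode is deliberately not inspected */
    return len > 0 && c->can_write;
}

/* Policy B: tiered filter. Data writes need write access; device-level and
 * unrecognised opcodes need privilege, so the filter fails closed. */
bool allow_tiered(const struct caller *c, const uint8_t *cdb, size_t len)
{
    if (len == 0)
        return false;
    if (c->privileged)
        return true;
    switch (cdb[0]) {
    case OP_TEST_UNIT_READY: case OP_INQUIRY: case OP_READ_10:
        return true;             /* caller already holds an open fd */
    case OP_WRITE_10:
        return c->can_write;
    default:                     /* FORMAT UNIT, WRITE BUFFER, anything not listed */
        return false;
    }
}

int main(void)
{
    /* Constructed sample: a CD-burning user with write access, no privilege. */
    struct caller burner = { .can_write = true, .privileged = false };
    const uint8_t cdbs[][10] = { { OP_WRITE_10 }, { OP_FORMAT_UNIT }, { OP_WRITE_BUFFER } };
    for (size_t i = 0; i < sizeof cdbs / sizeof cdbs[0]; i++)
        printf("opcode 0x%02X  A=%d  B=%d\n", (unsigned)cdbs[i][0],
               allow_write_implies_raw(&burner, cdbs[i], sizeof cdbs[i]),
               allow_tiered(&burner, cdbs[i], sizeof cdbs[i]));
    return 0;
}
```

Under policy A the unprivileged burner is allowed all three commands; under policy B only the data write passes, which is the distinction the two cases above turn on.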
