From: Jody McIntyre <scjody@modernduck.com>
To: linux-hotplug@vger.kernel.org
Subject: Re: Hotplug, 1394, and security
Date: Tue, 29 Nov 2005 05:43:08 +0000
Message-ID: <20051129054308.GS20781@conscoop.ottawa.on.ca>
In-Reply-To: <20051125213209.GZ20781@conscoop.ottawa.on.ca>
On Tue, Nov 29, 2005 at 01:08:03AM +0100, Stefan Richter wrote:
> What about naming it "streams" then?

OK.

> >Sure, but as far as I know, non-root processes do not need any access to
> >other PCs on the bus.
>
> This means furthermore that only privileged users (e.g. root) should be
> allowed to add unit directories to the local configROM, or generally to
> manipulate the ROM.

I don't see how one follows from the other, but yes, that was my
intent. Anything other than "streams", "arm", and async traffic will be
/dev/raw1394-only (or typically, root-only.) If it's necessary to add
more types of packets to the list, we can certainly do that.

> OTOH the problem with phys DMA should rather be solved in the driver
> stack which enables phys DMA.

I agree. Unfortunately it's impossible to solve for everyone. Most
sbp2 users will want it enabled, but security-conscious people will want
it off. I don't know what a sane default is (so let's stick with what
we've got). In any case, that's beyond the scope of this discussion.

Cheers,
Jody