From mboxrd@z Thu Jan 1 00:00:00 1970
From: Arnd Bergmann
Subject: Re: [PATCH resend] mmc: Added ioctl to let userspace apps send ACMDs
Date: Sat, 19 Mar 2011 20:00:23 +0100
Message-ID: <201103192000.24186.arnd@arndb.de>
References: <203F41F6E33F954E8E8B02559FDC906F7431FC48EA@modex01> <201103182026.48939.arnd@arndb.de>
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-8859-2
Content-Transfer-Encoding: QUOTED-PRINTABLE
Return-path:
Received: from moutng.kundenserver.de ([212.227.126.186]:55448 "EHLO moutng.kundenserver.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1757241Ab1CSTAb (ORCPT ); Sat, 19 Mar 2011 15:00:31 -0400
In-Reply-To:
Sender: linux-mmc-owner@vger.kernel.org
List-Id: linux-mmc@vger.kernel.org
To: Michał Mirosław
Cc: John Calixto , linux-mmc@vger.kernel.org, cjb@laptop.org

On Saturday 19 March 2011, Michał Mirosław wrote:
> On 18 March 2011 20:26, Arnd Bergmann wrote:
> > On Friday 18 March 2011 18:56:53 Michał Mirosław wrote:
> >> If that's going to be used by possibly unprivileged userspace process,
> >> then this passthrough should filter and validate all commands it
> >> passes to hardware. If there is a possibility of some command sequence
> >> to generate undefined or otherwise unwanted results, then you need a
> >> state tracker that will disallow that sequence to be generated by an
> >> unprivileged process.
> > We have precedent for direct host commands in a few other
> > block drivers. In general, any user who can open the block
> > device can issue all commands unless they can directly destroy
> > the hardware. On normal systems, the only user that has write
> > access to block devices is root.
>
> In this case, a process having access to one partition can disrupt
> other partitions on the same card even if it has no access to them in
> any other way.
>
> It is not that unusual on "normal systems" to give write access to
> some partition or device to unprivileged users. Database volumes are
> one example.

We can probably restrict it to the actual block device, and disallow
the ioctl on partitions to avoid that problem.

	Arnd
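The two controls discussed in this thread, denying the passthrough ioctl when it is issued through a partition rather than the whole card and validating each command against an allowlist before it reaches the hardware, can be modelled in userspace. The following is an added example, not code from the patch or from the kernel's mmc driver: `struct bdev_model`, `mmc_passthrough_check` and the allowlist contents are assumptions made for illustration. The model borrows one idea from the kernel's block layer of that era, that a partition carries a pointer to its containing whole disk while a whole disk points at itself, so "is this a partition?" is a single pointer comparison; the sample devices and the choice of which command indices to allow are constructed for the example.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Userspace stand-in for a block device (hypothetical; not the kernel's
 * struct block_device). A partition's `contains` points at the whole
 * disk it lives on; a whole disk's `contains` points at itself. */
struct bdev_model {
    const char *name;
    const struct bdev_model *contains;
};

static bool is_whole_disk(const struct bdev_model *bdev)
{
    return bdev->contains == bdev;
}

/* Illustrative allowlist of command indices the passthrough may forward.
 * The values are standard SD/MMC command indices (CMD13 SEND_STATUS,
 * CMD17 READ_SINGLE_BLOCK); which commands to allow is an assumed policy
 * for this example, not the driver's. Anything not listed, such as
 * CMD38 ERASE, is refused. */
static const unsigned allowed_opcodes[] = { 13, 17 };

static bool opcode_allowed(unsigned opcode)
{
    for (size_t i = 0; i < sizeof allowed_opcodes / sizeof allowed_opcodes[0]; i++)
        if (allowed_opcodes[i] == opcode)
            return true;
    return false;
}

/* Returns 0 when the passthrough request may proceed, otherwise a negative
 * errno: -EPERM when issued through a partition (a user with write access
 * to one partition must not be able to reach the rest of the card), and
 * -EACCES when the command index is not on the allowlist. The partition
 * check runs first so a partition holder learns nothing about the policy. */
int mmc_passthrough_check(const struct bdev_model *bdev, unsigned opcode)
{
    if (!is_whole_disk(bdev))
        return -EPERM;
    if (!opcode_allowed(opcode))
        return -EACCES;
    return 0;
}

/* Constructed sample devices: a whole card and one partition on it. */
static const struct bdev_model mmcblk0   = { "mmcblk0",   &mmcblk0 };
static const struct bdev_model mmcblk0p1 = { "mmcblk0p1", &mmcblk0 };

int main(void)
{
    printf("%s CMD13 -> %d\n", mmcblk0.name,   mmc_passthrough_check(&mmcblk0, 13));
    printf("%s CMD13 -> %d\n", mmcblk0p1.name, mmc_passthrough_check(&mmcblk0p1, 13));
    printf("%s CMD38 -> %d\n", mmcblk0.name,   mmc_passthrough_check(&mmcblk0, 38));
    return 0;
}
```

The order of the checks matters for the concern raised in the thread: the partition test is a property of the opened device node and is evaluated before any command-specific logic, so granting a user write access to `mmcblk0p1` for a database volume does not grant that user a path to commands that affect the whole card.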