From: John Calixto <john.calixto@modsystems.com>
To: "Michał Mirosław" <mirqus@gmail.com>
Cc: Arnd Bergmann <arnd@arndb.de>, linux-mmc@vger.kernel.org, cjb@laptop.org
Subject: Re: [PATCH resend] mmc: Added ioctl to let userspace apps send ACMDs
Date: Tue, 22 Mar 2011 15:31:53 -0700 (PDT) [thread overview]
Message-ID: <alpine.DEB.2.00.1103221508420.30367@peruna> (raw)
In-Reply-To: <AANLkTimwnS74Ybo6XTLOVUs7pRZBv4+hDgS7i2bfj+HV@mail.gmail.com>
[-- Attachment #1: Type: TEXT/PLAIN, Size: 2034 bytes --]
On Tue, 22 Mar 2011, Michał Mirosław wrote:
> >> In this case, a process having access to one partition can disrupt
> >> other partitions on the same card even if it has no access to them in
> >> any other way.
> > This is true, but I can already wreak havoc on partitions for any block
> > device by opening up the block device node directly, seeking and
> > writing. If I have write access to the block device, I can do whatever
> > I want.
>
> You're talking about reverse case to what I described. Using a
> partition, you shouldn't be able to effect the device in a way that
> extends part this particular partition.
>
Ah - I see. Sorry, I misread your comment.
> >> It is not that unusual on "normal systems" to give write access to
> >> some partition or device to unprivileged users. Database volumes are
> >> one example.
> > Are you talking about the device nodes themselves, or about access to
> > the mounted filesystems that live on those devices/partitions? It seems
> > like if you give unprivileged users write access to the raw block
> > device, you should expect a lot more trouble from
> > runaway/malicious/accidental writes than you would from
> > application-specific commands being sent via ioctl.
>
> I don't exactly see what's your point here. If you say that writes are
> less dangerous than ioctls, then I agree. Even now, for some block
> ioctls you need CAP_SYS_ADMIN because of that.
>
In general, I agree with your caution. My point is that I'm not sure
this type of protection belongs in the kernel. We use permissions and
"medium-privileged" role users all the time to marshal access to
sensitive files and devices. This is a problem that has been solved in
userspace. You don't let normal user "john" have the same access to
device nodes or even files and directories that you would for role user
"database", or role user "webserver". (Actually, you probably shouldn't
let normal user "john" have access to anything - I hear he's trouble!)
John
next prev parent reply other threads:[~2011-03-22 22:32 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-03-17 18:28 [PATCH resend] mmc: Added ioctl to let userspace apps send ACMDs John Calixto
2011-03-17 18:35 ` Ben Dooks
2011-03-17 21:55 ` Arnd Bergmann
2011-03-18 17:32 ` John Calixto
2011-03-18 17:56 ` Michał Mirosław
2011-03-18 19:26 ` Arnd Bergmann
2011-03-19 17:36 ` Michał Mirosław
2011-03-19 19:00 ` Arnd Bergmann
2011-03-21 18:37 ` John Calixto
2011-03-21 23:16 ` Michał Mirosław
2011-03-22 22:31 ` John Calixto [this message]
2011-03-23 0:18 ` Michał Mirosław
2011-03-23 0:44 ` John Calixto
2011-03-23 7:57 ` Arnd Bergmann
2011-03-18 19:25 ` Arnd Bergmann
2011-03-18 22:06 ` [PATCH resend] mmc: Added ioctl to let userspace apps send ACMD John Calixto
2011-03-19 11:52 ` Arnd Bergmann
2011-03-20 2:12 ` John Calixto
2011-03-20 5:11 ` Michał Mirosław
2011-03-21 12:25 ` Arnd Bergmann
2011-03-21 14:26 ` Andrei Warkentin
2011-03-21 18:22 ` John Calixto
2011-03-19 0:24 ` [PATCH resend] mmc: Added ioctl to let userspace apps send ACMDs John Calixto
2011-03-19 9:42 ` Arnd Bergmann
2011-03-19 16:09 ` Chris Ball
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.DEB.2.00.1103221508420.30367@peruna \
--to=john.calixto@modsystems.com \
--cc=arnd@arndb.de \
--cc=cjb@laptop.org \
--cc=linux-mmc@vger.kernel.org \
--cc=mirqus@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox