public inbox for linux-scsi@vger.kernel.org
From: Greg KH <gregkh@suse.de>
To: Kai Makisara <Kai.Makisara@kolumbus.fi>
Cc: linux-scsi@vger.kernel.org, linux-kernel@vger.kernel.org,
	James Bottomley <James.Bottomley@steeleye.com>
Subject: Re: [PATCH 2.6.11.8] SCSI tape security: require CAP_SYS_RAWIO for SG_IO etc.
Date: Tue, 3 May 2005 14:02:47 -0700
Message-ID: <20050503204614.GA15976@suse.de>
In-Reply-To: <Pine.LNX.4.61.0505012051300.6783@kai.makisara.local>

On Sun, May 01, 2005 at 08:56:06PM +0300, Kai Makisara wrote:
> On Sat, 30 Apr 2005, Kai Makisara wrote:
> 
> > The patch at the end is against 2.6.11.8.
> > 
> > The kernel currently allows any user permitted to access the tape device file
> > to send the tape drive commands that may either make the tape drivers internal
> ...
> > filtering. This patch solves the problem for tapes and no more elaborate
> > patches are needed. If those are merged to the kernel, this patch can be reversed.
> > 
> > Signed-off-by: Kai Makisara <kai.makisara@kolumbus.fi>
> > 
> > --- linux-2.6.11.8/drivers/scsi/st.c	2005-03-03 21:10:36.000000000 +0200
> > +++ linux-2.6.11.8-k1/drivers/scsi/st.c	2005-04-30 09:57:21.000000000 +0300
> > @@ -3414,7 +3414,10 @@ static int st_ioctl(struct inode *inode,
> >  		case SCSI_IOCTL_GET_BUS_NUMBER:
> >  			break;
> >  		default:
> > -			i = scsi_cmd_ioctl(file, STp->disk, cmd_in, p);
> > +			if (!capable(CAP_SYS_RAWIO))
> > +				i = -EPERM;
> > +			else
> > +				i = scsi_cmd_ioctl(file, STp->disk, cmd_in, p);
> >  			if (i != -ENOTTY)
> >  				return i;
> >  			break;
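
Review bot: in the default: branch, assigning i = -EPERM ahead of the unchanged `if (i != -ENOTTY) return i;` test means a caller without CAP_SYS_RAWIO now gets -EPERM for every ioctl that reaches this case, including any that scsi_cmd_ioctl() would have answered with -ENOTTY so that execution could continue past the `break`. That -ENOTTY fall-through path is no longer reachable for unprivileged callers, which makes the check broader than the "SG_IO etc." named in the subject. Consider applying the capable(CAP_SYS_RAWIO) test only to the specific commands that need it, or otherwise preserving the -ENOTTY result for commands scsi_cmd_ioctl() does not handle, and add a short comment above the check stating why raw I/O capability is required here.
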
> 
> Please hold this patch. Testing the corresponding patch for 2.6.12-rc
> showed that this is too restrictive. Best to wait until the next versions 
> will be reviewed on the linux-scsi list and merged into -rc.

Ok, when you come up with something that is acceptable, care to email it
also to the stable@kernel.org people?

thanks,

greg k-h
