* Re: [patch 23/28] scsi cd: VariRec, GigaRec and PowerRec as user
[not found] <200603080816.k288GSQO002236@shell0.pdx.osdl.net>
@ 2006-03-08 15:12 ` James Bottomley
2006-03-08 15:15 ` Jens Axboe
2006-03-08 15:45 ` Matthew Wilcox
0 siblings, 2 replies; 4+ messages in thread
From: James Bottomley @ 2006-03-08 15:12 UTC (permalink / raw)
To: akpm; +Cc: linux-scsi, T.Maguin, axboe
On Wed, 2006-03-08 at 00:14 -0800, akpm@osdl.org wrote:
> From: Thomas Maguin <T.Maguin@web.de>
> This patch allows normal users to eectute some Plextor drives
> commands:
>
> - Hide CD-R
> - SingleSession
> - SpeedRead
> - PowerRec
> - VariRec
> - GigaRec
>
This one just isn't safe. We can't add vendor specific commands to the
permissions table because they mean different things to different
vendors ... get mode on one could be halt and catch fire on another, so
the whole concept of safety via command verification is lost.
I don't happen to believe in this type of command verification anyway,
so I'd be perfectly happy to switch this over to a better facility (like
capabilities), but while you're claiming to vet commands, you have to be
logically correct (which means no vendor specific commands).
James
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [patch 23/28] scsi cd: VariRec, GigaRec and PowerRec as user
2006-03-08 15:12 ` [patch 23/28] scsi cd: VariRec, GigaRec and PowerRec as user James Bottomley
@ 2006-03-08 15:15 ` Jens Axboe
2006-03-08 15:45 ` Matthew Wilcox
1 sibling, 0 replies; 4+ messages in thread
From: Jens Axboe @ 2006-03-08 15:15 UTC (permalink / raw)
To: James Bottomley; +Cc: akpm, linux-scsi, T.Maguin
On Wed, Mar 08 2006, James Bottomley wrote:
> On Wed, 2006-03-08 at 00:14 -0800, akpm@osdl.org wrote:
> > From: Thomas Maguin <T.Maguin@web.de>
>
> > This patch allows normal users to eectute some Plextor drives
> > commands:
> >
> > - Hide CD-R
> > - SingleSession
> > - SpeedRead
> > - PowerRec
> > - VariRec
> > - GigaRec
> >
>
> This one just isn't safe. We can't add vendor specific commands to the
> permissions table because they mean different things to different
> vendors ... get mode on one could be halt and catch fire on another, so
> the whole concept of safety via command verification is lost.
>
> I don't happen to believe in this type of command verification anyway,
> so I'd be perfectly happy to switch this over to a better facility (like
> capabilities), but while you're claiming to vet commands, you have to be
> logically correct (which means no vendor specific commands).
I have to agree, unfortunately... Perhaps this is some motivation to get
the fs permission table into the mainline kernel for 2.6.17. It's the
'cmdfilter' branch of the git block repo. Then we could finally get rid
of this ugly command table.
--
Jens Axboe
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [patch 23/28] scsi cd: VariRec, GigaRec and PowerRec as user
2006-03-08 15:12 ` [patch 23/28] scsi cd: VariRec, GigaRec and PowerRec as user James Bottomley
2006-03-08 15:15 ` Jens Axboe
@ 2006-03-08 15:45 ` Matthew Wilcox
2006-03-08 17:30 ` Jeff Garzik
1 sibling, 1 reply; 4+ messages in thread
From: Matthew Wilcox @ 2006-03-08 15:45 UTC (permalink / raw)
To: James Bottomley; +Cc: akpm, linux-scsi, T.Maguin, axboe
On Wed, Mar 08, 2006 at 09:12:06AM -0600, James Bottomley wrote:
> On Wed, 2006-03-08 at 00:14 -0800, akpm@osdl.org wrote:
> > From: Thomas Maguin <T.Maguin@web.de>
>
> > This patch allows normal users to eectute some Plextor drives
> > commands:
> >
> > - Hide CD-R
> > - SingleSession
> > - SpeedRead
> > - PowerRec
> > - VariRec
> > - GigaRec
> >
>
> This one just isn't safe. We can't add vendor specific commands to the
> permissions table because they mean different things to different
> vendors ... get mode on one could be halt and catch fire on another, so
> the whole concept of safety via command verification is lost.
Thanks for NAKing this one again, James. I'm a bit disappointed akpm
picked it up given that I explained how unsafe it was when it was posted:
http://marc.theaimsgroup.com/?l=linux-scsi&m=113976322621230&w=2
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [patch 23/28] scsi cd: VariRec, GigaRec and PowerRec as user
2006-03-08 15:45 ` Matthew Wilcox
@ 2006-03-08 17:30 ` Jeff Garzik
0 siblings, 0 replies; 4+ messages in thread
From: Jeff Garzik @ 2006-03-08 17:30 UTC (permalink / raw)
To: Matthew Wilcox; +Cc: James Bottomley, akpm, linux-scsi, T.Maguin, axboe
Matthew Wilcox wrote:
> On Wed, Mar 08, 2006 at 09:12:06AM -0600, James Bottomley wrote:
>
>>On Wed, 2006-03-08 at 00:14 -0800, akpm@osdl.org wrote:
>>
>>>From: Thomas Maguin <T.Maguin@web.de>
>>
>>>This patch allows normal users to eectute some Plextor drives
>>>commands:
>>>
>>>- Hide CD-R
>>>- SingleSession
>>>- SpeedRead
>>>- PowerRec
>>>- VariRec
>>>- GigaRec
>>>
>>
>>This one just isn't safe. We can't add vendor specific commands to the
>>permissions table because they mean different things to different
>>vendors ... get mode on one could be halt and catch fire on another, so
>>the whole concept of safety via command verification is lost.
>
>
> Thanks for NAKing this one again, James. I'm a bit disappointed akpm
> picked it up given that I explained how unsafe it was when it was posted:
> http://marc.theaimsgroup.com/?l=linux-scsi&m=113976322621230&w=2
I NAK'd it as well, for obvious reasons...
Jeff
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2006-03-08 17:30 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <200603080816.k288GSQO002236@shell0.pdx.osdl.net>
2006-03-08 15:12 ` [patch 23/28] scsi cd: VariRec, GigaRec and PowerRec as user James Bottomley
2006-03-08 15:15 ` Jens Axboe
2006-03-08 15:45 ` Matthew Wilcox
2006-03-08 17:30 ` Jeff Garzik
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).