Re: cd burning with plextor drives.

[Christer Weinigel <christer@weinigel.se>]

James Bottomley <James.Bottomley@SteelEye.com> writes:

> On Sat, 2006-07-29 at 13:12 +0200, Jens Axboe wrote:
> > > I'm not that familiar with this code, but would adding exceptions
> > > on a per-vendor basis in sg_allow_access() be the way forward here?
> > > 
> > > If not, what is the right answer ?
> > 
> > I'd greatly prefer just ripping the entire command access table out, it
> > was a mistake to begin with and still just a horrible solution.
> > 
> > In fact, I think we should decide soon what to do about it. At the
> > storage summit, there was general consensus on just killing it as well.
> 
> I concur.  If we're going to allow users access to burn CDs, it's
> impossible to police them with certainty as this case indicates.  If we
> allow vendor specific commands down, there are bound to be some that
> format the drive or destroy the firmware ...
> 
> So I think ripping the table out and acknowledging we have no security
> is better than giving the illusion of having it.

How about making cmd_type a per device variable and adding an ioctl to
set cmd_type?  Let cmd_type default to letting everything through.
That way a distribution can add filters if it wants to.

 /Christer

-- 
"Just how much can I get away with and still go to heaven?"

Freelance consultant specializing in device driver programming for Linux 
Christer Weinigel <christer@weinigel.se>  http://www.weinigel.se