From: Jens Axboe <axboe@suse.de>
To: dleonard@dleonard.net
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>,
Zinx Verituse <zinx@epicsol.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: ide-cd problems
Date: Sat, 7 Aug 2004 00:47:46 +0200 [thread overview]
Message-ID: <20040806224743.GA19131@suse.de> (raw)
In-Reply-To: <Pine.LNX.4.44.0408061020220.8255-100000@pooka.dleonard.net>
On Fri, Aug 06 2004, dleonard@dleonard.net wrote:
> On Fri, 6 Aug 2004, Jens Axboe wrote:
>
> > On Fri, Aug 06 2004, Alan Cox wrote:
> > > On Gwe, 2004-08-06 at 07:23, Jens Axboe wrote:
> > > > Perhaps if you acknowledge that it wont be perfect, then it's becomes
> > > > more acceptable imo. So you can issue some commands that do write to the
> > > > drive even as a regular user, but none that permanently alter the state
> > > > of the drive or its media (to the best of our knowledge). Other commands
> > > > you let through.
> > >
> > > The code you included is roughly the kind of filtering I mean except
> > > that unknown commands must not get through without CAP_SYS_RAWIO.
> > > Anything that is doubtful doesn't get through. As to the location you do
> > > it there are at least two ways to handle that. One is that you stick the
> > > CAP_SYS_RAWIO of the requester in a flag in the request block the other
> > > is that you do it at the top layer. Some BSD socket implementations take
> > > the former approach and it works very well as the driver can make a
> > > final decision but is told the rights attached to the command.
> > >
> > > So once its
> > >
> > > switch()
> > > {
> > > case READ6:
> > > case READ10:
> > > ...
> > > /* Always */
> > > break;
> > > case WRITE6:
> > > case WRITE10:
> > > ...
> > > /* if write */
> > > default:
> > > if(capable(CAP_SYS_RAWIO))
> > > /* Only administrators get to do arbitary things */
> > >
> > > I agree with it.
> >
> > That's the case I don't agree with, and why I didn't like the idea
> > originally. That suddenly requires a patching of the kernel because of
> > new commands in new devices. Like when dvd readers became common, you
> > can't just require people to update their kernel because a few new
> > commands are needed to drive them from user space.
>
> This is no different from having to build a new kernel whenever you
> happen to install a new revision of a videocard, nic, scsi controller,
> or random other device new enough that its pci_id isn't in pci_ids.h.
> New features and new devices frequently require new kernels.
It's completely different, that you say so shows you don't understand
the issue at all. New devices work just fine even if the kernel doesn't
understand the pci id, as long as you can drive it from user space. If
you want a direct comparison, it would be comparable to disallow anyone
to use a pci id you did not know about at kernel compile time. So if you
get a new video card later on, it would not work properly until you got
a new kernel with that id included.
But thanks for high lighting why filtering is bad for new devices.
--
Jens Axboe
next prev parent reply other threads:[~2004-08-06 22:48 UTC|newest]
Thread overview: 52+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-07-30 19:36 ide-cd problems Zinx Verituse
2004-07-31 15:36 ` Jens Axboe
2004-07-31 18:27 ` Zinx Verituse
2004-07-31 20:00 ` Jens Axboe
2004-07-31 21:02 ` Zinx Verituse
2004-08-01 4:07 ` Alexander E. Patrakov
2004-08-01 15:57 ` Jens Axboe
2004-08-02 3:20 ` Horst von Brand
2004-08-02 12:25 ` Jens Axboe
2004-08-02 20:44 ` Bill Davidsen
2004-08-02 13:45 ` tabris
2004-08-02 13:56 ` Jens Axboe
2004-08-02 14:26 ` Andreas Metzler
2004-08-02 14:33 ` Jens Axboe
2004-08-02 14:38 ` tabris
2004-08-02 14:50 ` Jens Axboe
2004-08-02 16:30 ` Bill Davidsen
2004-08-03 7:17 ` Jens Axboe
2004-08-02 17:16 ` Zinx Verituse
2004-08-05 5:40 ` Jens Axboe
2004-08-05 21:06 ` Alan Cox
2004-08-06 5:44 ` Jens Axboe
[not found] ` <20040806062331.GE10274@suse.de>
2004-08-06 12:14 ` Alan Cox
2004-08-06 14:32 ` Jens Axboe
2004-08-06 15:14 ` Charles Cazabon
2004-08-06 15:13 ` Jens Axboe
2004-08-07 14:01 ` Alan Cox
2004-08-06 17:26 ` dleonard
2004-08-06 22:47 ` Jens Axboe [this message]
2004-08-07 14:04 ` Alan Cox
2004-08-07 21:54 ` Alan Cox
2004-08-07 3:11 ` Jason L Tibbitts III
2004-08-09 8:39 ` Jens Axboe
2004-08-07 14:08 ` Alan Cox
2004-08-09 8:49 ` Jens Axboe
2004-08-02 23:54 ` Alan Cox
2004-08-03 5:53 ` Jens Axboe
2004-08-03 16:17 ` Zinx Verituse
2004-08-04 5:01 ` Jens Axboe
2004-08-05 15:52 ` Alan Cox
2004-08-05 17:46 ` Jens Axboe
2004-08-05 20:58 ` Alan Cox
2004-08-05 18:53 ` Bill Davidsen
2004-08-05 18:46 ` Bill Davidsen
2004-08-05 19:35 ` Jens Axboe
2004-08-05 21:02 ` Alan Cox
2004-08-06 5:42 ` Jens Axboe
2004-08-03 15:28 ` Doug Maxey
2004-08-03 17:28 ` Alan Cox
2004-08-09 20:24 ` Bill Davidsen
2004-08-02 16:41 ` Bill Davidsen
2004-08-03 15:50 ` Horst von Brand
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20040806224743.GA19131@suse.de \
--to=axboe@suse.de \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=dleonard@dleonard.net \
--cc=linux-kernel@vger.kernel.org \
--cc=zinx@epicsol.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).