From: Jens Axboe <axboe@suse.de>
To: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: Zinx Verituse <zinx@epicsol.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: ide-cd problems
Date: Mon, 9 Aug 2004 10:49:17 +0200 [thread overview]
Message-ID: <20040809084916.GR10418@suse.de> (raw)
In-Reply-To: <1091887718.18407.51.camel@localhost.localdomain>
On Sat, Aug 07 2004, Alan Cox wrote:
> On Gwe, 2004-08-06 at 15:32, Jens Axboe wrote:
> > That's the case I don't agree with, and why I didn't like the idea
> > originally. That suddenly requires a patching of the kernel because of
> > new commands in new devices. Like when dvd readers became common, you
> > can't just require people to update their kernel because a few new
> > commands are needed to drive them from user space.
>
> I'm stunning we are even having this argument. You are talking about
> what appes to be a hardware destruction enabling security level bug in
> the 2.6 kernel and arguing about whether it is a feature or not.
Alan, stop putting words into my mouth. I'm not saying it's a feature.
> In essence you are saying read access to any raw device node entitles
> the opener of the file to destroy the attached device (device even not
> just media). You are arguing that its ok that I can use raw scsi I/O to
> subvert the read/write permissions too.
In essence, yes. I'm arguing that it's not easily doable to
differentiate between destructive and non-destructive commands. And that
doing so requires extensive tables because commands are not the same
across devices.
I'm not saying that I think it's a good thing! Or a feature, for that
matter. I'm just arguing the feasibility of doing it, the maintenance
involved, etc.
> In the example code I gave
>
> > default:
> > if(capable(CAP_SYS_RAWIO))
> > /* Only administrators get to do arbitary things
> */
> >
>
> means there is no need to recompile anything, you just need priviledges
> to do stuff the kernel doesn't *know* is safe. This is the correct
> behaviour for people who don't live in cloud cuckoo land.
I'm well aware of the implications. The argument is only whether it's ok
to policy filter unknown commands. I guess with capability elevating the
app until the kernels are modified it would be ok, at least it enables
the apps to work for root.
--
Jens Axboe
next prev parent reply other threads:[~2004-08-09 8:50 UTC|newest]
Thread overview: 52+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-07-30 19:36 ide-cd problems Zinx Verituse
2004-07-31 15:36 ` Jens Axboe
2004-07-31 18:27 ` Zinx Verituse
2004-07-31 20:00 ` Jens Axboe
2004-07-31 21:02 ` Zinx Verituse
2004-08-01 4:07 ` Alexander E. Patrakov
2004-08-01 15:57 ` Jens Axboe
2004-08-02 3:20 ` Horst von Brand
2004-08-02 12:25 ` Jens Axboe
2004-08-02 20:44 ` Bill Davidsen
2004-08-02 13:45 ` tabris
2004-08-02 13:56 ` Jens Axboe
2004-08-02 14:26 ` Andreas Metzler
2004-08-02 14:33 ` Jens Axboe
2004-08-02 14:38 ` tabris
2004-08-02 14:50 ` Jens Axboe
2004-08-02 16:30 ` Bill Davidsen
2004-08-03 7:17 ` Jens Axboe
2004-08-02 17:16 ` Zinx Verituse
2004-08-05 5:40 ` Jens Axboe
2004-08-05 21:06 ` Alan Cox
2004-08-06 5:44 ` Jens Axboe
[not found] ` <20040806062331.GE10274@suse.de>
2004-08-06 12:14 ` Alan Cox
2004-08-06 14:32 ` Jens Axboe
2004-08-06 15:14 ` Charles Cazabon
2004-08-06 15:13 ` Jens Axboe
2004-08-07 14:01 ` Alan Cox
2004-08-06 17:26 ` dleonard
2004-08-06 22:47 ` Jens Axboe
2004-08-07 14:04 ` Alan Cox
2004-08-07 21:54 ` Alan Cox
2004-08-07 3:11 ` Jason L Tibbitts III
2004-08-09 8:39 ` Jens Axboe
2004-08-07 14:08 ` Alan Cox
2004-08-09 8:49 ` Jens Axboe [this message]
2004-08-02 23:54 ` Alan Cox
2004-08-03 5:53 ` Jens Axboe
2004-08-03 16:17 ` Zinx Verituse
2004-08-04 5:01 ` Jens Axboe
2004-08-05 15:52 ` Alan Cox
2004-08-05 17:46 ` Jens Axboe
2004-08-05 20:58 ` Alan Cox
2004-08-05 18:53 ` Bill Davidsen
2004-08-05 18:46 ` Bill Davidsen
2004-08-05 19:35 ` Jens Axboe
2004-08-05 21:02 ` Alan Cox
2004-08-06 5:42 ` Jens Axboe
2004-08-03 15:28 ` Doug Maxey
2004-08-03 17:28 ` Alan Cox
2004-08-09 20:24 ` Bill Davidsen
2004-08-02 16:41 ` Bill Davidsen
2004-08-03 15:50 ` Horst von Brand
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20040809084916.GR10418@suse.de \
--to=axboe@suse.de \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=linux-kernel@vger.kernel.org \
--cc=zinx@epicsol.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).