public inbox for linux-kernel@vger.kernel.org
From: Jeff Garzik <jgarzik@mandrakesoft.com>
To: Olivier Galibert <galibert@pobox.com>
Cc: LKML <linux-kernel@vger.kernel.org>
Subject: Re: [patch] My AMD IDE driver, v2.7
Date: Mon, 11 Mar 2002 23:13:21 -0500
Message-ID: <3C8D8061.4030503@mandrakesoft.com>
In-Reply-To: <Pine.LNX.4.33.0203111829550.1153-100000@home.transmeta.com> <3C8D69E3.3080908@mandrakesoft.com> <20020311223439.A2434@zalem.nrockv01.md.comcast.net>

Olivier Galibert wrote:

>On Mon, Mar 11, 2002 at 09:37:23PM -0500, Jeff Garzik wrote:
>
>>It serves to encourage openness, nobody is forced to use it, and it 
>>provides an additional layer of protection for those that choose to use 
>>it.  That is the point.
>>
>
>It doesn't provide any meaningful protection, that's the point.
>
>If you're root/have CAP_SYS_RAWIO, you can bit-bang the interface, you
>can patch out the filter from the kernel binary, you can do whatever
>pleases you.  Don't run evil programs as root in the first place.  And
>if you want to have finer-grained capabilities for specific
>drive-level actions, create a higher-level interface for them which
>will guarantee that only safe commands are used because they will be 
>

Under more restricted domains, root cannot bit-bang the interface.
s/CAP_SYS_RAWIO/CAP_DEVICE_CMD/ for the raw cmd ioctl interface.  Have
the OS trap I/O port accesses using SMM mode if you would like, and that 
applies to your particular security situation.

The filter is useful for other reasons like correctness, as well.

    Jeff




