Re: Re(2): scsi-destroyer.c to come...

From: Oliver Xymoron (oxymoron@waste.org)
Date: Mon Jul 24 2000 - 13:09:18 EST

Next message: Richard Gooch: "Re: devfs .102 20000622: No ide-floppy?"
Previous message: Andre Hedrick: "Re: DriveReady SeekComplete Error"
In reply to: Timothy Knox: "Re(2): scsi-destroyer.c to come..."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 24 Jul 2000, Timothy Knox wrote:

> Somewhere on Shadow Earth, Stuart MacDonald wrote:
>
> >I can fry my hard drive even if your patch is in the kernel. Therefore
> >your patch secures nothing.
>
> I thought (and maybe I am just stupid) that the intent of the patch was
> not to stop deliberate damage, since that is not, practically speaking,
> possible, but to prevent accidental damage. In other words, if I have a
> process that got trashed and is sending random garbage to the driver,
> this patch would catch it and stop me from accidentally trashing my disk.
> Or, as they said when I was young, "Locks are for keeping honest people
> honest." In other words, if you have root privileges and want to trash a
> system, there are dozens of ways to do. This patch is merely intended to
> protect those who aren't trying to trash the system from doing so
> inadvertently.

That's not the way the primary proponent of the patch is presenting it,
hence the clamor.

If it were instead presented as "this will prevent people from
accidentally frying their drives" then we'd say:

a) no one's done it by accident yet
b) the odds of doing it are negligible
c) it prevents legitimate things that root might want to do
d) the command filter code is about 50k
e) and touches lots of the driver
f) we're in a code freeze

> So stop seeing this as a security patch, and see it as a safety patch; in
> much the same way that we don't let regular users write to the raw device
> files, we don't let them send unfiltered commands.

That's already the case without the patch. Only someone with CAP_SYS_ADMIN
privs (namely root) can send raw commands. Arguably they should have
CAP_SYS_RAWIO as well and patches for that have been posted for both IDE
and SCSI.

-- "Love the dolphins," she advised him. "Write by W.A.S.T.E.."

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: Richard Gooch: "Re: devfs .102 20000622: No ide-floppy?"
Previous message: Andre Hedrick: "Re: DriveReady SeekComplete Error"
In reply to: Timothy Knox: "Re(2): scsi-destroyer.c to come..."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Mon Jul 31 2000 - 21:00:17 EST