Re: ide-cd problems

[Jens Axboe]

On Thu, Aug 05 2004, Alan Cox wrote:
> On Iau, 2004-08-05 at 20:35, Jens Axboe wrote:
> > > exotic commands, and given the choice of having users able to send 
> > > arbitrary commands to the device and not access it at all, I would say 
> > > "not at all" would be good.
> > 
> > Then don't make your cdrom device accesable.
> 
> Lets get rid of root, I mean you don't need root, you could just turn
> your computer off.
> 
> What planet are you living on Jens ?

I'm living on the planet where filtering is not possible, unless you
want to have oodles of unmaintanable tables for different devices. And
that means that if you don't trust a user with your cdrom currently,
don't give him/her access to it.

> End users have lots of reasons for being able to access /dev/cdrom
> directly and also often for groups of users to access a disk directly
> (for example Oracle databases).

Yes I know.

> That means any security model that isn't based around things beyond
> basic device access is flawed.

Then we should require raw io capability, as I've stated I'm fine with
that. I'm not fine with filtering.

> > Affects all devices that accept SG_IO.
> 
> Then if you refuse to fix SG_IO perhaps all device drivers should remove
> support for it ?

Well they can't, it's a block layer property. The only thing the device
sees is a regular struct request.

-- 
Jens Axboe

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/