Re: ide-cd problems

[Alan Cox]

On Gwe, 2004-08-06 at 07:23, Jens Axboe wrote:
> Perhaps if you acknowledge that it wont be perfect, then it's becomes
> more acceptable imo. So you can issue some commands that do write to the
> drive even as a regular user, but none that permanently alter the state
> of the drive or its media (to the best of our knowledge). Other commands
> you let through.

The code you included is roughly the kind of filtering I mean except
that unknown commands must not get through without CAP_SYS_RAWIO.
Anything that is doubtful doesn't get through. As to the location you do
it there are at least two ways to handle that. One is that you stick the
CAP_SYS_RAWIO of the requester in a flag in the request block the other
is that you do it at the top layer. Some BSD socket implementations take
the former approach and it works very well as the driver can make a
final decision but is told the rights attached to the command.

So once its

	switch()
	{
		case READ6:
		case READ10:
				...
			/* Always */
			break;
		case WRITE6:
		case WRITE10:
			...
			/* if write */
		default:
			if(capable(CAP_SYS_RAWIO))
			/* Only administrators get to do arbitary things */

I agree with it. 

Alan

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/