Re: SG_IO and security

From: Jens Axboe
Date: Thu Aug 12 2004 - 12:37:06 EST

Next message: Olaf Hering: "module.viomap support for ppc64"
Previous message: Jeff Garzik: "Re: Linux SATA RAID FAQ"
In reply to: Arjan van de Ven: "Re: SG_IO and security"
Next in thread: Jens Axboe: "Re: SG_IO and security"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Aug 12 2004, Linus Torvalds wrote:
>
>
> On Thu, 12 Aug 2004, Linus Torvalds wrote:
> >
> > Hmm.. This still allows the old "junk" commands (SCSI_IOCTL_SEND_COMMAND).
>
> Btw, I think the _right_ thing to check is the write access of the file
> descriptor. If you have write access to a block device, you can delete the
> data, so you might as well be able to do the raw commands. And that would
> allow things like "disk" groups etc to work and burn CD's.
>
> However, right now we don't even pass down the "struct file" to this
> function. We probably should. Anybody willing to go through the callers?
> (just a few callers, but things like cdrom_command() doesn't even have the
> file, so it has to be recursive).

Precisely, I guess that's a 2.6.9 job then. CDROM_SEND_PACKET works
directly on top of SG_IO now, so should just work as long as sg_io() is
translated.

I have no problem going over this, if somebody beats me to it, fine.
I'll be gone on vacation next week.

--
Jens Axboe

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Olaf Hering: "module.viomap support for ppc64"
Previous message: Jeff Garzik: "Re: Linux SATA RAID FAQ"
In reply to: Arjan van de Ven: "Re: SG_IO and security"
Next in thread: Jens Axboe: "Re: SG_IO and security"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]