Re: SG_IO and security

[Kai Makisara]

On Thu, 12 Aug 2004, Linus Torvalds wrote:

> 
> 
> On Thu, 12 Aug 2004, Jeff Garzik wrote:
> >
> > Linus Torvalds wrote:
> > > 
> > > On Thu, 12 Aug 2004, Linus Torvalds wrote:
> > > 
> > >>Hmm.. This still allows the old "junk" commands (SCSI_IOCTL_SEND_COMMAND).
> > > 
> > > 
> > > Btw, I think the _right_ thing to check is the write access of the file 
> > > descriptor. If you have write access to a block device, you can delete the 
> > > data, so you might as well be able to do the raw commands. And that would 
> > > allow things like "disk" groups etc to work and burn CD's.
> > 
> > Define raw commands.  I certainly don't want non-root users to be able 
> > to issue FORMAT UNIT on my hard drive.
> 
> Ehh? The same ones you allow to write all over the raw device?
> 
> Let's see now:
> 
> 	brw-rw----    1 root     disk       3,   0 Jan 30  2003 /dev/hda
> 
> would you put people you don't trust with your disk in the "disk" group?
> 
This protects disks in practice but SG_IO is currently supported by other 
devices, at least SCSI tapes. It is reasonable in some organizations to 
give r/w access to ordinary users so that they can read/write tapes. I 
would be worried if this would enable the users, for instance, to mess up 
the mode page contents of the drive or change the firmware.

-- 
Kai
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/