Re: IF only........

From: Oliver Xymoron (oxymoron@waste.org)
Date: Fri Jul 21 2000 - 19:39:53 EST


On Fri, 21 Jul 2000, Andre Hedrick wrote:

> I wrote the patch but it is not wanted "ide.2.4.0-t5-2.all.4c.patch.bz2"
> I proved the tool to try and break it.

Andre, what's the smallest patch to the current code which will kill raw
writes? I suspect a couple lines in drivers/ide/ide.c of the form

 case HDIO_DRIVE_CMD:
 .
 .
 .
     int i, raw_cmds[]={WIN_WRITE, WIN_WRITEDMA, ...,0};
     for(i=0; raw_cmds[i]; i++)
         if(cmd==raw_cmds[i] && !capable(CAP_SYS_RAW))
             return -EACCES;

I agree with Alan that we should limit those commands to people with
CAP_SYS_RAW. The above is arguably the correct thing to do under the
capabilities model anyway and is simple enough that it's not likely to
impact anything. Chances of getting accepted are much higher than your 64k
patch which touches many files and rewrites many functions.

--
 "Love the dolphins," she advised him. "Write by W.A.S.T.E.." 

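The check sketched in the message, as an added userspace model (example code, not part of the original post and not kernel source). The opcode values are those of linux/hdreg.h defined locally, the two-entry list is a constructed subset, and `struct caller` with its `capable()` helper is a hypothetical stand-in for the kernel's per-task check; the capability the message calls CAP_SYS_RAW is named CAP_SYS_RAWIO in the kernel headers.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* ATA opcodes, values as in linux/hdreg.h; defined here so this builds in userspace. */
#define WIN_READ      0x20
#define WIN_WRITE     0x30
#define WIN_WRITEDMA  0xCA
#define WIN_IDENTIFY  0xEC

/* Kernel name and number of the capability the message refers to. */
#define CAP_SYS_RAWIO 17

/* Hypothetical stand-in for the calling task's effective capability set. */
struct caller { uint64_t cap_effective; };

static int capable(const struct caller *c, int cap)
{
    return (int)((c->cap_effective >> cap) & 1);
}

/* Constructed subset of write opcodes; 0 terminates the list, as in the sketch. */
static const uint8_t raw_cmds[] = { WIN_WRITE, WIN_WRITEDMA, 0 };

/* Returns 0 if the drive command may proceed, -EACCES if it is a listed
 * write opcode and the caller lacks CAP_SYS_RAWIO. */
int drive_cmd_permitted(const struct caller *c, uint8_t cmd)
{
    int i;

    for (i = 0; raw_cmds[i]; i++)
        if (cmd == raw_cmds[i] && !capable(c, CAP_SYS_RAWIO))
            return -EACCES;
    /* Opcodes not in the list fall through, so the list has to be complete. */
    return 0;
}

int main(void)
{
    struct caller user  = { 0 };
    struct caller rawio = { 1ULL << CAP_SYS_RAWIO };

    printf("user  WIN_WRITE    -> %d\n", drive_cmd_permitted(&user, WIN_WRITE));
    printf("user  WIN_IDENTIFY -> %d\n", drive_cmd_permitted(&user, WIN_IDENTIFY));
    printf("rawio WIN_WRITEDMA -> %d\n", drive_cmd_permitted(&rawio, WIN_WRITEDMA));
    return 0;
}
```

The decision depends on the one capability bit, not on the caller's other privileges: a caller holding every capability except CAP_SYS_RAWIO is still refused.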