Re: IF only........

From: Andre Hedrick (andre@linux-ide.org)
Date: Fri Jul 21 2000 - 20:11:47 EST


Without the full touch it will not work.
20% is functionality that has to be there for 2.4 to stand a chance of
being correct.
80% is TASKFILE rewrite to give us the armor.

You want just the armor, fine, but the other will come next.

On Fri, 21 Jul 2000, Oliver Xymoron wrote:

> On Fri, 21 Jul 2000, Andre Hedrick wrote:
>
> > I wrote the patch but it is not wanted "ide.2.4.0-t5-2.all.4c.patch.bz2"
> > I proved the tool to try and break it.
>
> Andre, what's the smallest patch to the current code which will kill raw
> writes? I suspect a couple lines in drivers/ide/ide.c of the form

ide.2.4.0-t5-2.kludge.patch

This exposes the hole with no real method to protect.

> case HDIO_DRIVE_CMD:
>   .
>   .
>   .
>   int i, raw_cmds[]={WIN_WRITE, WIN_WRITEDMA, ...,0};
>   for(i=0; raw_cmds[i]; i++)
>     if(cmd==raw_cmds[i] && !capable(CAP_SYS_RAW))
>       return -EACCES;
>
> I agree with Alan that we should limit those commands to people with
> CAP_SYS_RAW. The above is arguably the correct thing to do under the
> capabilities model anyway and is simple enough that it's not likely to
> impact anything. Chances of getting accepted are much higher than your 64k
> patch which touches many files and rewrites many functions.

Cheers,

Andre Hedrick
The Linux ATA/IDE guy
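
A user-space model of the opcode gate sketched in the quoted text, added here as an example; it is not code from the thread or from the kernel. It also goes beyond the sketch by showing a default-deny variant for comparison. The function names, the has_cap flag (standing in for the kernel's capable() check), the safe_cmds table and the exact table contents are assumptions of this example.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>

/* ATA opcode values as defined in <linux/hdreg.h>. */
#define WIN_WRITE         0x30
#define WIN_WRITE_VERIFY  0x3C
#define WIN_MULTWRITE     0xC5
#define WIN_WRITEDMA      0xCA
#define WIN_IDENTIFY      0xEC

/* Deny list (contents chosen for this example): opcodes that require the
 * raw-I/O capability. An explicit length replaces the 0 terminator of the
 * sketch, so opcode 0x00 could be listed if that were ever needed. */
static const unsigned char raw_cmds[] = {
    WIN_WRITE, WIN_WRITE_VERIFY, WIN_MULTWRITE, WIN_WRITEDMA,
};

/* Allow list (hypothetical) for the default-deny variant. */
static const unsigned char safe_cmds[] = { WIN_IDENTIFY };

static bool in_table(const unsigned char *t, size_t n, unsigned char cmd)
{
    size_t i;

    for (i = 0; i < n; i++)
        if (t[i] == cmd)
            return true;
    return false;
}

/* Gate as sketched in the thread: listed opcodes need the capability,
 * every other opcode passes through unchecked. */
int gate_denylist(unsigned char cmd, bool has_cap)
{
    if (in_table(raw_cmds, sizeof raw_cmds, cmd) && !has_cap)
        return -EACCES;
    return 0;
}

/* Default-deny variant: callers without the capability may send only the
 * opcodes in safe_cmds; anything unlisted is refused. */
int gate_allowlist(unsigned char cmd, bool has_cap)
{
    if (has_cap || in_table(safe_cmds, sizeof safe_cmds, cmd))
        return 0;
    return -EACCES;
}
```

The two gates differ only for opcodes that appear in neither table: the deny list lets them through, the allow list refuses them.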


