Re: Direct access to hardware

From: Linus Torvalds (torvalds@transmeta.com)
Date: Sat Jul 22 2000 - 12:47:33 EST


In article <Pine.LNX.4.10.10007221822320.5862-100000@dax.joh.cam.ac.uk>,
James Sutherland <jas88@cam.ac.uk> wrote:
>
>So much for the "root is god" claims made earlier, then. What about iopl()
>and the like? IF capabilities can be used to block this (and similar), and
>Andre's "sanity checking" for ATA is added, then surely it *IS* possible
>to prevent root screwing the HDD (without replacing the kernel, at which
>point all bets are off, of course).

What's the point?

If the system is secure, then adding sanity checking to the ATA code
makes no difference: nobody gets to do anything improper anyway.

If the system is not secure, then adding sanity checking to the ATA code
makes no difference: people who could use the ATA thing can use other
things that are much more insidious.

The mechanism that everybody wants is _already_ there. It's called
"permissions". No new driver code necessary.

If those permissions do not work, then they don't work, and adding
last-minute band-aids makes no difference.

Just as a comparison, look at Windows. It takes the opposite approach:
it has no real seurity, but a LOT of band-aids to avoid the "obvious"
holes. Leaving it wide open.

                Linus

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Sun Jul 23 2000 - 21:00:19 EST