Re: Direct access to hardware

From: Adam Sampson (azz@gnu.org)
Date: Tue Jul 25 2000 - 14:07:07 EST


On Sun, Jul 23, 2000 at 11:22:56PM -0700, Linus Torvalds wrote:
> In short, should we
> - know every single drive, know every command it can take, and do all of
> this inside the OS

A possible compromise would be to limit the set of commands that you can
send to a known good set that's common among all drives unless you've got
CAP_SYS_RAWIO (or whatever's appropriate). That way, if I've got a server
where I know I'm only going to need to send drive-specific commands
occasionally, I can drop that capability from the default set when I'm
running multiuser, and reboot into single-user mode if I need to do drive
maintenance.

> Or should the kernel assume that "Oh, he has the permission to do this,
> then sure, I'll let him do it..".

Exactly. It's just that it would be nice to have a way of permanently
revoking _just_ that permission when we know we won't need it any more.

Just out of interest, does anyone know what OpenBSD does about checking raw
IDE/SCSI commands? It sounds like the sort of thing that they might be
interested in.

-- 

Adam Sampson azz@gnu.org
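
The compromise described in the message above, as an added example that is not part of the original post and not kernel code: a user-space C model of a filter that passes a common opcode set for anyone and gates everything else on a CAP_SYS_RAWIO-like privilege that can only be dropped, never regained. The opcode values are standard SCSI; the choice of "known good" commands and all function and field names are assumptions made for illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Standard SCSI opcodes. Which ones count as "known good" is an assumption. */
enum { TEST_UNIT_READY = 0x00, REQUEST_SENSE = 0x03, INQUIRY = 0x12,
       READ_CAPACITY_10 = 0x25, READ_10 = 0x28, WRITE_10 = 0x2A, WRITE_BUFFER = 0x3B };

struct cmd_filter {
    uint32_t safe[8];   /* 256-bit bitmap indexed by opcode */
    bool rawio_bound;   /* models CAP_SYS_RAWIO being in the system-wide set */
};

void filter_init(struct cmd_filter *f)
{
    static const uint8_t common[] = { TEST_UNIT_READY, REQUEST_SENSE, INQUIRY,
                                      READ_CAPACITY_10, READ_10, WRITE_10 };
    *f = (struct cmd_filter){ .rawio_bound = true };
    for (size_t i = 0; i < sizeof common; i++)
        f->safe[common[i] >> 5] |= UINT32_C(1) << (common[i] & 31);
}

/* One-way: there is deliberately no function that sets the bit again. */
void filter_drop_rawio(struct cmd_filter *f) { f->rawio_bound = false; }

/* Returns 0 if the command may be sent, -EPERM or -EINVAL otherwise. */
int filter_check(const struct cmd_filter *f, bool task_has_rawio,
                 const uint8_t *cdb, size_t len)
{
    if (cdb == NULL || len == 0)
        return -EINVAL;
    if (f->safe[cdb[0] >> 5] & (UINT32_C(1) << (cdb[0] & 31)))
        return 0;       /* common command: allowed without privilege */
    if (f->rawio_bound && task_has_rawio)
        return 0;       /* drive-specific command: privileged callers only */
    return -EPERM;      /* privilege absent or revoked system-wide */
}

int main(void)
{
    struct cmd_filter f;
    const uint8_t fw[10] = { WRITE_BUFFER };   /* constructed sample CDB */
    filter_init(&f);
    int before = filter_check(&f, true, fw, sizeof fw);
    filter_drop_rawio(&f);
    printf("WRITE BUFFER as root: %d before drop, %d after\n",
           before, filter_check(&f, true, fw, sizeof fw));
    return 0;
}
```

After the drop, even a caller that holds the privilege is refused drive-specific opcodes, while the common set keeps working; getting the privileged path back requires re-creating the filter, which stands in for the reboot into single-user mode.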

This archive was generated by hypermail 2b29 : Mon Jul 31 2000 - 21:00:20 EST