Re: ide-cd problems

From: dleonard
Date: Fri Aug 06 2004 - 12:55:47 EST

Next message: mikem: "cciss updates again [5/6] SATA controller ID fix for 2.6.8-rc3"
Previous message: Jon Smirl: "Re: DRM function pointer work.."
In reply to: Alan Cox: "Re: ide-cd problems"
Next in thread: Jens Axboe: "Re: ide-cd problems"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 6 Aug 2004, Jens Axboe wrote:

> On Fri, Aug 06 2004, Alan Cox wrote:
> > On Gwe, 2004-08-06 at 07:23, Jens Axboe wrote:
> > > Perhaps if you acknowledge that it wont be perfect, then it's becomes
> > > more acceptable imo. So you can issue some commands that do write to the
> > > drive even as a regular user, but none that permanently alter the state
> > > of the drive or its media (to the best of our knowledge). Other commands
> > > you let through.
> >
> > The code you included is roughly the kind of filtering I mean except
> > that unknown commands must not get through without CAP_SYS_RAWIO.
> > Anything that is doubtful doesn't get through. As to the location you do
> > it there are at least two ways to handle that. One is that you stick the
> > CAP_SYS_RAWIO of the requester in a flag in the request block the other
> > is that you do it at the top layer. Some BSD socket implementations take
> > the former approach and it works very well as the driver can make a
> > final decision but is told the rights attached to the command.
> >
> > So once its
> >
> > switch()
> > {
> > case READ6:
> > case READ10:
> > ...
> > /* Always */
> > break;
> > case WRITE6:
> > case WRITE10:
> > ...
> > /* if write */
> > default:
> > if(capable(CAP_SYS_RAWIO))
> > /* Only administrators get to do arbitary things */
> >
> > I agree with it.
>
> That's the case I don't agree with, and why I didn't like the idea
> originally. That suddenly requires a patching of the kernel because of
> new commands in new devices. Like when dvd readers became common, you
> can't just require people to update their kernel because a few new
> commands are needed to drive them from user space.

This is no different from having to build a new kernel whenever you happen to install a new revision of a videocard, nic, scsi controller, or random other device new enough that its pci_id isn't in pci_ids.h. New features and new devices frequently require new kernels.

Allowing specific commands while disallowing unknown commands to standard users is a far better scenario than any other proposals I've heard so far.

--
Douglas Leonard
dleonard@xxxxxxxxxxxx

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: mikem: "cciss updates again [5/6] SATA controller ID fix for 2.6.8-rc3"
Previous message: Jon Smirl: "Re: DRM function pointer work.."
In reply to: Alan Cox: "Re: ide-cd problems"
Next in thread: Jens Axboe: "Re: ide-cd problems"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]