Re: ide-cd problems

From: Alan Cox
Date: Sat Aug 07 2004 - 10:07:53 EST


On Gwe, 2004-08-06 at 23:47, Jens Axboe wrote:
> But thanks for high lighting why filtering is bad for new devices.

Filtering is essential. If you have CAP_SYS_RAWIO set then anything
goes. Root is entitled to reflash his hard disk to report all files
having setuid bits, or to total the media or to password lock it.

End users are not and the only sane kernel behaviour for the "unsure"
case is "-EPERM". If its not the right behaviour we have setuid bits.
If it was the other way around your end user just password locked all
your disks with a password you'll never recover.


Alan

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/