Re: SG_IO and security

From: Jeff Garzik
Date: Thu Aug 12 2004 - 11:56:29 EST

Next message: David N. Welton: "Re: 2.6 kernel won't reboot on AMD system - 8042 problem?"
Previous message: Michael Buesch: "Re: [RFC, PATCH] sys_revoke(), just a try. (was: Re: dynamic /dev security hole?)"
In reply to: Linus Torvalds: "Re: SG_IO and security"
Next in thread: Linus Torvalds: "Re: SG_IO and security"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Linus Torvalds wrote:

On Thu, 12 Aug 2004, Linus Torvalds wrote:

Hmm.. This still allows the old "junk" commands (SCSI_IOCTL_SEND_COMMAND).

Btw, I think the _right_ thing to check is the write access of the file descriptor. If you have write access to a block device, you can delete the data, so you might as well be able to do the raw commands. And that would allow things like "disk" groups etc to work and burn CD's.

Define raw commands. I certainly don't want non-root users to be able to issue FORMAT UNIT on my hard drive.

Jeff

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: David N. Welton: "Re: 2.6 kernel won't reboot on AMD system - 8042 problem?"
Previous message: Michael Buesch: "Re: [RFC, PATCH] sys_revoke(), just a try. (was: Re: dynamic /dev security hole?)"
In reply to: Linus Torvalds: "Re: SG_IO and security"
Next in thread: Linus Torvalds: "Re: SG_IO and security"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]