Re: SG_IO and security

From: Peter Jones
Date: Fri Aug 13 2004 - 14:33:40 EST

Next message: Sam Ravnborg: "kbuild updates"
Previous message: O.Sezer: "[PATCH 2.4] various "unused" warnings"
In reply to: Kai Makisara: "Re: SG_IO and security"
Next in thread: Jeff Garzik: "Re: SG_IO and security"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 12 Aug 2004 22:22:36 +0300 (EEST), Kai Makisara
<kai.makisara@xxxxxxxxxxx> wrote:
> On Thu, 12 Aug 2004, Linus Torvalds wrote:
> > Let's see now:
> >
> > brw-rw---- 1 root disk 3, 0 Jan 30 2003 /dev/hda
> >
> > would you put people you don't trust with your disk in the "disk" group?
> >
> This protects disks in practice but SG_IO is currently supported by other
> devices, at least SCSI tapes. It is reasonable in some organizations to
> give r/w access to ordinary users so that they can read/write tapes. I
> would be worried if this would enable the users, for instance, to mess up
> the mode page contents of the drive or change the firmware.

Sure, but for that we need command based filtering.

This is at least a step in the right direction.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Sam Ravnborg: "kbuild updates"
Previous message: O.Sezer: "[PATCH 2.4] various "unused" warnings"
In reply to: Kai Makisara: "Re: SG_IO and security"
Next in thread: Jeff Garzik: "Re: SG_IO and security"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]