Re: SG_IO and security

From: Florian Weimer
Date: Fri Aug 13 2004 - 15:08:17 EST

Next message: Sam Ravnborg: "[10/12] kbuild: Fix hostprogs-y"
Previous message: Sam Ravnborg: "[11/12] kbuild: Use POSIX headers for ntoh functions"
In reply to: Jeff Garzik: "Re: SG_IO and security"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Linus Torvalds:

> On Thu, 12 Aug 2004, Linus Torvalds wrote:
>>
>> Hmm.. This still allows the old "junk" commands (SCSI_IOCTL_SEND_COMMAND).
>
> Btw, I think the _right_ thing to check is the write access of the file
> descriptor. If you have write access to a block device, you can delete the
> data, so you might as well be able to do the raw commands. And that would
> allow things like "disk" groups etc to work and burn CD's.

But wouldn't the ability to burn CDs imply that a user can also
corrupted the firmware of the drive, unless other countermeasures are
in place?
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Sam Ravnborg: "[10/12] kbuild: Fix hostprogs-y"
Previous message: Sam Ravnborg: "[11/12] kbuild: Use POSIX headers for ntoh functions"
In reply to: Jeff Garzik: "Re: SG_IO and security"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]