Re: PATCH: cdrecord: avoiding scsi device numbering for ide devices

[Bartlomiej Zolnierkiewicz]

On Thursday 19 August 2004 21:19, Mark Lord wrote:
>  >And what do you do the day someone posts "lock IDE drive with random
>  >password as any user" to bugtraq ?
>
> I should hope that these lines in the driver would prevent such:
>
>        if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RAWIO))
>              return -EACCES;

Exactly.

Sending raw commands is _privileged_ operation.

Alan's example is invalid because IDE driver requires CAP_SYS_ADMIN and 
CAP_SYS_RAWIO so if there is some security risk involved - it is in the user 
apps not in the kernel.  Also Linus first fixed SG_IO correctly with 
requiring CAP_SYS_RAWIO but then (under Alan's influence?) he added filtering 
which broke cd writing and which is just unmaintainable.

Also filtering cannot work in all cases because there are vendor specific 
opcodes, some devices redefines some opcodes etc. - this should be left to 
user space.

Bartlomiej
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/