Re: PATCH: cdrecord: avoiding scsi device numbering for ide devices

[David Greaves]

Xavier Bestel wrote:

> Le sam 21/08/2004 à 08:58, David Greaves a écrit :
>
>  
>
> > Can someone explain why it isn't anyone with _write_ access to the device?
> > Surely it's better to drop a user into a group or setgid a program?
> >
> > If I have write access to a device then I can wipe it's media anyway.
> > Is there something I'm missing?
> >    
>
> If you have write access to a single partition only, you could always
> screw the entire disk (and with firmware upload, it's really totally
> screwed).
OK - I was thinking of the CD problem.

So only allow these operations on the whole disk device?

If you wanted to grant them this capability on a partition then my 
understanding is that through the power of these operations you've 
essentially given them the ability to overwrite to the whole device 
anway - so just give them write permission to the whole device. MNaybe 
through setgid code though.

If you need some operations to act on the partitions then you'd have to 
differentiate between users writing to a partition and users operating 
on the partition. Difficult without better acls - so then you have to 
say "operations on the whole disk device granted through write 
permission; operations on the partition devices forbidden"

The less reasons to make users use or suid root, the better.

David
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/