Re: [OT] Joerg Schilling flames Linux on his Blog

From: Alexander E. Patrakov
Date: Thu May 26 2005 - 07:33:14 EST


Bodo Eggert wrote:

So we can

1) give up and let any application with write access destroy the hardware


That won't be a problem if all apps with write access are running as root or setuid and thus the list of them is well-controlled by root.

2) implement a basic filter (common for all deviced) and a device-specific filter, which can be set by a userspace application.


In fact both approaches are used in the kernel.

(1) is used in the usbfs code, and thus SANE and gPhoto2 rely upon it (BTW it's still possible for a user to install an old version of SANE into /home/user and damage a scanner). Proper filtering in the kernel would be probably just too complex in this "usb generic" case.

(2) is used e.g. in DRM code.

What's missing is a clearly stated policy that says which of those two approaches should be applied in each particular case.

--
Alexander E. Patrakov

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/