Re: Direct access to hardware

From: Khimenko Victor (khim@sch57.msk.ru)
Date: Sat Jul 22 2000 - 14:43:46 EST

Next message: Frank van Maarseveen: "2.4.0 firewalling code: reject with type 3 code 13"
Previous message: Khimenko Victor: "Re: Butting in.. (Was: scsi-destroyer.c to come...)"
In reply to: James Sutherland: "Re: Direct access to hardware"
Next in thread: James Sutherland: "Re: Direct access to hardware"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In <Pine.LNX.4.10.10007221822320.5862-100000@dax.joh.cam.ac.uk> James Sutherland (jas88@cam.ac.uk) wrote:
> On Sat, 22 Jul 2000, Miquel van Smoorenburg wrote:

>> According to James Sutherland:
>> > On 21 Jul 2000, Miquel van Smoorenburg wrote:
>> > > It _is_ possible. Check out "capabilities".
>> >
>> > It isn't possible. Root can bypass them all completely, as long as
>> > /dev/kmem etc. exist.
>>
>> If CAP_SYS_RAWIO isn't set, even root cannot open /dev/mem /dev/kmem
>> and /dev/port. Read linux/char/mem.c, check open_port etc

> So much for the "root is god" claims made earlier, then. What about iopl()
> and the like?

You can not use that without CAP_SYS_RAW as well.

> IF capabilities can be used to block this (and similar), and Andre's
> "sanity checking" for ATA is added, then surely it *IS* possible to prevent
> root screwing the HDD (without replacing the kernel, at which point all
> bets are off, of course).

You missed the point. If you'll block all this with capabilities then you'll
block ability for root to screw the HDD WITHOUT any filtering like Andre's
patch.

>> > Shall we delete capabilities on this basis? I think
>> > not - so why apply that argument to Andre's bugfix?
>>
>> Well no, as many others have pointed out, it's the other way around-
>> capabilities should be applied to everything that gives access to
>> some hardware's firmware programming interface.

> Quite the opposite of the approach some were advocating, then - give root
> absolute and unconditional power to do anything, however stupid.

Not exactly opposite. Root IS god (it's default). Once root is NOT god it
can not play with hardware as well (and HDIO_DRIVE_CMD must be disable in
this case - this IS small bug in current kernel) and thus can not screw
your HDD. Without filtering and all such crap.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Frank van Maarseveen: "2.4.0 firewalling code: reject with type 3 code 13"
Previous message: Khimenko Victor: "Re: Butting in.. (Was: scsi-destroyer.c to come...)"
In reply to: James Sutherland: "Re: Direct access to hardware"
Next in thread: James Sutherland: "Re: Direct access to hardware"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Sun Jul 23 2000 - 21:00:19 EST