"H. Peter Anvin" wrote:
>
> Followup to: <Pine.LNX.4.10.10007212041090.15902-100000@master.linux-ide.org>
> By author: Andre Hedrick <andre@linux-ide.org>
> In newsgroup: linux.dev.kernel
> >
> > Everyone
> >
> > I am talking about attempting to invoke unknown vender specific commands
> > They do comply with the SPEC but are not part of the SPEC.
> > Since I do not have the priviledge of knowing these facts, but know they
> > exist. You can not allow a rouge driver attempt to invoke these commands.
> >
>
> A rogue driver can always do this by writing straight to the
> interface. I think a more serious issue is: what about a *buggy*
> drivers? However, what I am a bit unclear of is the following: will
> this patch prevent me from writing a driver which issues legitimate
> vendor-specific commands to control vendor-specific aspects of a
> particular piece of hardware? If so, that would be a very bad thing.
> However, if this patch is there to prevent buggy programs from issuing
> known-to-be-damaging commands by accient, then that is a Good
> Thing[TM].
Vendor-specific commands would not be allowed through the kernel. A
specific program for a specific vendor would have to use RAW_IO; ie
for firmware upgrades.
>
> I personally would have to agree with the people that say this isn't a
> security issue, but I *do* believe that protecting buggy programs (we
> never have any of those, right?) from causing permanent damage to the
> hardware is a very useful thing.
This is EXACTLY what Andre is trying to accomplish.
>
> -hpa
>
> --
> <hpa@transmeta.com> at work, <hpa@zytor.com> in private!
> "Unix gives you enough rope to shoot yourself in the foot."
> http://www.zytor.com/~hpa/puzzle.txt
>
--- Tim
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun Jul 23 2000 - 21:00:19 EST