> If the system is secure, then adding sanity checking to the ATA code
> makes no difference: nobody gets to do anything improper anyway.
You aren't reading the capability stuff very carefully. For some setups it
is neccessary to know that even the superuser cannot make direct hardware
access and thus potentially destroy logs of their activity. Once you start
doing real security (mandatory btw for the US govt market by 2002 and probably
for all credit card transaction handling hosts of any kind) you need a real
security policy and one thing you need to be able to do is to take the ability
to do uncontrolled hardware bypass away from even root.
Thats why you need CAP_SYS_RAWIO checked on those ioctls and the scsi one. Its
a bug fix for the security policy model. The ranting about ide stuff is an
aside to a seperate small but real policy implementation bug.
Alan
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Mon Jul 31 2000 - 21:00:22 EST