Re: SG_IO and security
From: Kai Makisara
Date: Thu Aug 12 2004 - 14:27:45 EST
On Thu, 12 Aug 2004, Linus Torvalds wrote:
>
>
> On Thu, 12 Aug 2004, Jeff Garzik wrote:
> >
> > Linus Torvalds wrote:
> > >
> > > On Thu, 12 Aug 2004, Linus Torvalds wrote:
> > >
> > >>Hmm.. This still allows the old "junk" commands (SCSI_IOCTL_SEND_COMMAND).
> > >
> > >
> > > Btw, I think the _right_ thing to check is the write access of the file
> > > descriptor. If you have write access to a block device, you can delete the
> > > data, so you might as well be able to do the raw commands. And that would
> > > allow things like "disk" groups etc to work and burn CD's.
> >
> > Define raw commands. I certainly don't want non-root users to be able
> > to issue FORMAT UNIT on my hard drive.
>
> Ehh? The same ones you allow to write all over the raw device?
>
> Let's see now:
>
> brw-rw---- 1 root disk 3, 0 Jan 30 2003 /dev/hda
>
> would you put people you don't trust with your disk in the "disk" group?
>
This protects disks in practice but SG_IO is currently supported by other
devices, at least SCSI tapes. It is reasonable in some organizations to
give r/w access to ordinary users so that they can read/write tapes. I
would be worried if this would enable the users, for instance, to mess up
the mode page contents of the drive or change the firmware.
--
Kai
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/