Re: SG_IO and security
From: Peter Jones
Date: Fri Aug 13 2004 - 14:33:40 EST
On Thu, 12 Aug 2004 22:22:36 +0300 (EEST), Kai Makisara
<kai.makisara@xxxxxxxxxxx> wrote:
> On Thu, 12 Aug 2004, Linus Torvalds wrote:
> > Let's see now:
> >
> > brw-rw---- 1 root disk 3, 0 Jan 30 2003 /dev/hda
> >
> > would you put people you don't trust with your disk in the "disk" group?
> >
> This protects disks in practice but SG_IO is currently supported by other
> devices, at least SCSI tapes. It is reasonable in some organizations to
> give r/w access to ordinary users so that they can read/write tapes. I
> would be worried if this would enable the users, for instance, to mess up
> the mode page contents of the drive or change the firmware.
Sure, but for that we need command based filtering.
This is at least a step in the right direction.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/