Re: SG_IO and security

[Bill Davidsen]

Jeff Garzik wrote:
> Peter Jones wrote:
>
> > On Thu, 12 Aug 2004 22:22:36 +0300 (EEST), Kai Makisara
> > <kai.makisara@xxxxxxxxxxx> wrote:
> >
> > > On Thu, 12 Aug 2004, Linus Torvalds wrote:
> > >
> > > > Let's see now:
> > > >
> > > >      brw-rw----    1 root     disk       3,   0 Jan 30  2003 /dev/hda
> > > >
> > > > would you put people you don't trust with your disk in the "disk" 
> > > > group?
> > >
> > > This protects disks in practice but SG_IO is currently supported by 
> > > other
> > > devices, at least SCSI tapes. It is reasonable in some organizations to
> > > give r/w access to ordinary users so that they can read/write tapes. I
> > > would be worried if this would enable the users, for instance, to 
> > > mess up
> > > the mode page contents of the drive or change the firmware.
> >
> >
> >
> > Sure, but for that we need command based filtering.
>
>
> We have that now (sigh).  See attached patch, which is in BK...
>
> A similar approach could be applied to tape as well.
>
> Though in general I think command-based filtering is not scalable...  at 
> the very least I would prefer a list loaded from userspace at boot.

It would seem that the list is unlikely to change much, since it would 
presumably be limited to the standard SCSI commands, and require RAWIO 
for vendor commands. Do you see any like change I'm missing?

--
   -bill davidsen (davidsen@xxxxxxx)
"The secret to procrastination is to put things off until the
 last possible moment - but no longer"  -me
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/